The CiscoWorks Common Services application fails to sufficiently sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks, potentially stealing authentication credentials and launching other attacks.
WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. When a .php file is uploaded, the remote system places the file in a user-accessible path. A direct request to the uploaded file then allows the attacker to execute the script with the privileges of the web server.
This module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is Windows 7 friendly.
This module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.
A local file include web vulnerability has been discovered in the official Foxit MobilePDF v4.4.0 iOS mobile web-application. The local file include vulnerability allows remote attackers to include local file/path requests or system-specific path commands without authorization to compromise the mobile web-application. The vulnerability is located in the `filename` value of the wifi interface `upload` module. Local attackers are able to manipulate the wif
This exploit allows an attacker to disclose sensitive information from the IPMI (Intelligent Platform Management Interface) protocol. By sending specific commands to the IPMI service, an attacker can retrieve information such as user access privileges, user names, and other configuration settings.
The Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities due to improper input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a targeted user, potentially leading to the theft of authentication credentials and other malicious activities.
Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
The Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially allowing the attacker to steal authentication credentials or perform other malicious activities.
TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.