e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
k2News Management is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
ForumJBC is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverge this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
A remote attacker can exploit this issue to execute arbitrary code on the affected device. Failed exploit attempts will likely crash the device, denying service to legitimate users. The exploit code is written in Perl and it sends a LOGIN command with an overly long string of 'A' characters followed by 'BCDE' to the telnet service on port 23.
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Apple QuickTime is prone to multiple vulnerabilities because it fails to properly bounds-check and sanitize user-supplied data. An attacker can exploit these issues to execute arbitrary code in the context of the victim user running the vulnerable application. Successful exploits may facilitate a remote compromise of affected computers.
Ractive Popper is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
WM-News is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
IDevSupport iSupport is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.