MC Content Manager is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Advantech/BroadWin SCADA WebAccess is prone to multiple remote vulnerabilities including an information-disclosure issue and a remote code-execution issue. An attacker can exploit these issues to execute arbitrary code and gain access to sensitive information. Other attacks may also be possible.
The WordPress Ajax Store Locator plugin version 1.2 and below is vulnerable to an arbitrary file download attack. The 'download_file' parameter in the 'sl_file_download.php' script is not properly sanitized, allowing an attacker to download arbitrary files from the server.
A stored XSS vulnerability exists in the "send private message" module: a user can send an XSS-crafted private message to another user, and when the receiver opens the message, the XSS payload will execute.
This vulnerability allows an attacker to execute SQL queries in the application's database. By manipulating the 'catid' parameter in the URLs mentioned, an attacker can retrieve sensitive information from the database, such as admin usernames and passwords.
The Perl scripting language is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application implemented with affected Perl code to abort, denying service to legitimate users.
Apple Mac OS X is prone to a local information-disclosure vulnerability because of an integer-overflow error in the HFS subsystem. A local attacker can exploit this issue to obtain sensitive information that may lead to further attacks. Due to the nature of this issue, local attackers may be able to execute arbitrary code in the context of the kernel, but this has not been confirmed.
The 'OpenSSL' extension in PHP is prone to multiple remote denial-of-service vulnerabilities. Successful attacks will cause the application to consume excessive memory, creating a denial-of-service condition.
The vulnerability affects the 'Zip' extension in PHP, allowing remote attackers to cause a denial-of-service condition by crashing the application. It may also be possible for attackers to execute arbitrary code, although this has not been confirmed.
Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirmed.