PluggedOut Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The NewsPortal application is prone to a cross-site scripting vulnerability. This vulnerability occurs because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially allowing the attacker to steal authentication credentials and launch further attacks.
The online store PHP script is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This exploit targets the RoseOnlineCMS v3 B1(op) script and allows for local file inclusion. It takes advantage of a vulnerability in the code that does not properly check user input before including files. By manipulating the 'op' parameter, an attacker can include arbitrary files from the server.
The Web Poll Pro application is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials, control over how the site is rendered to the user, or other attacks.
An attacker can exploit this vulnerability to consume all CPU resources, resulting in a denial of service for legitimate users.
The XOOPS application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the context of the affected site, potentially stealing authentication credentials and launching further attacks.
The Rating-Widget plugin is prone to multiple cross-site scripting vulnerabilities due to inadequate input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a targeted user, potentially leading to the theft of authentication credentials and other malicious activities.
The AplikaMedia CMS is vulnerable to an SQL-injection attack due to inadequate input sanitization in an SQL query.
0irc-client v1345 build 20060823 suffers from a NULL pointer dereferencing bug. By sending a specially crafted request, an attacker can cause a denial of service (DoS) condition on the target system.
Services By CQR