MG2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Dokeos is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The TP-Link WR740N Wireless N Router network device is exposed to a denial-of-service vulnerability when processing an HTTP GET request. The issue occurs when the web server (httpd) fails to handle an HTTP GET request on the default TCP port 80. Resending the value 'new' in the 'isNew' parameter of the 'PingIframeRpm.htm' script to the router through a proxy crashes its httpd service, denying legitimate users access to the admin control panel management interface. To bring back the HTTP service and the admin UI, a user must physically reboot the router.
The Active Link Engine script is vulnerable to a remote SQL injection attack. An attacker can manipulate the 'catid' parameter to inject malicious SQL code and retrieve sensitive information from the database. The attacker can also bypass authentication and gain unauthorized access to the admin panel.
The CAPTCHA module in Drupal is prone to a security-bypass vulnerability that occurs in the CAPTCHA authentication routine. Successful exploits may allow attackers to bypass the CAPTCHA-based authentication routine, allowing attackers to perform brute-force attacks.
The vulnerability allows remote attackers to include arbitrary files via the menu parameter in module.php.
The PHPXref application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, within the context of the affected site, and potentially steal cookie-based authentication credentials.
The router suffers from an authenticated local file inclusion (LFI) vulnerability when input passed through the 'getpage' parameter to the 'webproc' script is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks.
The application Study planner (Studiewijzer) version <= 0.15 is vulnerable to remote file inclusion. The include function at inc/service.alert.inc.php does not properly sanitize the $SPL_CFG['dirroot'] variable, allowing an attacker to include and execute arbitrary files from a remote location.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. The exploit code given above demonstrates a possible way to exploit this vulnerability by hijacking the DwmSetWindowAttribute function and executing malicious code.