The vulnerability allows an attacker to perform Cross-Site Scripting (XSS) attacks and bypass CSRF token protection. This can lead to various malicious activities such as taking over victim accounts, changing primary email addresses, sending forged requests, and tricking admins into attacking their own users.
Mongoose is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input. Successfully exploiting this issue will allow an attacker to crash the affected application, denying further service to legitimate users.
Coppermine Photo Gallery is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Multiple input-validation vulnerabilities, including security-bypass, arbitrary-file-upload, SQL-injection, local file-include, cross-site-scripting, and information-disclosure issues, allow unauthorized access, execution of scripts, data modification, theft of authentication credentials, and other attacks.
Attackers can exploit this issue to cause the server to consume excessive resources, denying service to legitimate users.
This PoC exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL(). The exploit allows an attacker to execute arbitrary code.
The LiveZilla software fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of a targeted user, potentially allowing the attacker to steal authentication credentials and launch further attacks.
IBM Tivoli Access Manager for e-business is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
Pligg CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Appweb is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.