In Grayscale Blog 0.8.0, a user can bypass security restrictions and add a user with administrator privileges. Other files like addblog.php, editblog.php, editlinks.php, edit_users.php, and add_links.php are also affected by similar security issues.
Onyx is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Mystic is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The Edit-X PHP CMS is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting malicious script code into user-supplied input. When a victim user visits the affected site, the injected script code executes in their browser, allowing the attacker to steal their authentication credentials and launch further attacks.
CMS Source is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and cross-site-scripting issues. Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
SyntaxCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Microsoft Windows implementation of Kerberos is prone to a security-bypass vulnerability. Successful exploits may allow attackers to gain unauthorized access to affected computers through replay attacks.
The Sonique application is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can leverage this issue to execute arbitrary code in the context of the application; failed attacks may result in denial-of-service conditions.
JBoard is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Rock Band CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.