The vulnerabilities allow an attacker to gain control over valid user accounts in LMS, perform operations on their behalf, redirect them to malicious sites, steal their credentials, and more. Multiple reflected XSS requests can be exploited to execute arbitrary JavaScript code on the victim's browser. The CSRF vulnerabilities allow an attacker to perform unauthorized actions on behalf of a victim user.
The GRAND FlAGallery plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The Yahoo! CD Player ActiveX control ('YoPlyCd.dll') is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds check user-supplied input. Attackers can exploit this issue to execute arbitrary code within the context of an application (typically Internet Explorer) that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.
Pet Listing is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Local attackers can exploit this issue to execute arbitrary code with elevated privileges.
Attackers can exploit these vulnerabilities to perform actions as an authorized user, run arbitrary HTML and script code, and transfer files outside of the web directory.
The Axis M10 Series Network Cameras are vulnerable to a cross-site scripting vulnerability due to inadequate sanitization of user-supplied data. This vulnerability allows an attacker to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.
The vulnerability allows attackers to crash the PowerDVD application, causing a denial-of-service condition.
The Apache Struts framework is prone to a security-bypass vulnerability that allows attackers to tamper with sessions. By manipulating the 'session.somekey' parameter in the 'SomeAction.action' URL, attackers can bypass security restrictions and gain unauthorized access.
The Linux kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an out-of-memory error in certain Linux applications, resulting in denial-of-service conditions.