The Bonus theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
This exploit attempts to trigger the ICMP refCount overflow in the TCP/IP stack of Windows 7, Vista, and Windows Server 2008 hosts. It requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. The exploit creates 250 threads and floods a host with UDP packets, then attempts to trigger the de-ref using ping. It is estimated that it would take approximately 52 days for the host to enter a condition where this vulnerability is triggerable.
CmyDocument is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Serendipity is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
eFront is prone to multiple cross-site scripting and SQL-injection vulnerabilities due to insufficient sanitization of user-supplied input. These vulnerabilities can be exploited to steal authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Symphony is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
eFront is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The IBSng application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site. This can potentially allow the attacker to steal authentication credentials and perform further malicious actions.
An attacker can execute arbitrary script code in the browser of an unsuspecting user and steal authentication credentials. Other unspecified security vulnerabilities are also present.
Services By CQR