vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Alsbtain Bulletin is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
The application fails to sanitize user-supplied data, leading to multiple XSS vulnerabilities. An attacker can execute arbitrary script code in the context of the affected website, potentially stealing authentication credentials and launching further attacks.
e107 is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application.
The Oracle AutoVue 'AutoVueX.ocx' ActiveX control is prone to a vulnerability caused by an insecure method. Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on a victim's computer within the context of the affected application (typically Internet Explorer) that uses the ActiveX control.
This exploit allows an attacker to perform a blind SQL injection attack on the XOOPS Module Tiny Event version 1.01. By manipulating the 'id' parameter in the index.php file, the attacker can retrieve sensitive information such as usernames and passwords from the xoops_users table.
Tine is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
osCommerce is prone to a remote file upload and a file disclosure vulnerability. The issues occur because the application fails to adequately sanitize user-supplied input. An attacker can exploit these issues to upload a file and obtain an arbitrary file's content; other attacks are also possible.
Exploiting this issue will exhaust system resources and cause the application to crash, denying service to legitimate users.
The vulnerability exists in Splunk due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary HTML and script code in the context of the affected site, potentially leading to the theft of authentication credentials and other attacks.
Services By CQR