PunBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The StarDevelop LiveHelp application is prone to a local file-include vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts within the context of the web server process. This could lead to the compromise of the application and the underlying computer. Other attacks may also be possible.
The Auctions plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Microsoft SharePoint is prone to multiple URI open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.
Orion Network Performance Monitor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Papoo CMS Light is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Attackers can inject arbitrary HTTP headers into an HTTP response, allowing them to launch various attacks such as cross-site request forgery, cross-site scripting, and HTTP-request smuggling.
This vulnerability exists in the phpBB Module Forum picture and META tags 1.7. It allows an attacker to include arbitrary files by exploiting the 'MOD_forum_fields_parse.php' script, which does not properly declare the 'phpbb_root_path' variable. By manipulating the 'phpbb_root_path' parameter in the URL, an attacker can include any file on the server.
Pluck is prone to multiple file-include and a file-disclosure vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks. An attacker can exploit local file-disclosure vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain files. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users.
Services By CQR