ICT Protege GX/WX version 2.08 suffers from a client-side SHA1 password hash disclosure vulnerability.
f203bc1b35e3b9d44818d0680ff7a367ed1eac4fa488fe060a5c8a1fec93d479ICT Protege GX/WX version 2.08 suffers from a persistent cross site scripting vulnerability.
0761967ed7f26d12def00046c1c81a51292379f6aee38f2875fd95654cb59e1aXAMPP suffers from multiple cross site scripting issues in several scripts that use the 'PHP_SELF' variable. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.
ae86da0652f8c09783eb8bc4f705626d86610066456102912826b1a3357b4defSetSeed CMS version 5.8.20 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.
2c7d6fde362078986308ded7ffb7656180b3a2a54c0736c861bf3fe6f0c9453cvtiger CRM version 5.2.1 suffers from a cross site scripting vulnerability when parsing user input to the _operation and search parameters in the /modules/mobile/index.php script.
0d29026874a0d4432347cabc827eb094403c710e733c7fac2c1688bc88169e26Cotonti CMS version 0.9.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
b78c131af15357169e90a8032c9b2b2eab261a641f5750e9c8d881852f3be7e0Ashampoo Burning Studio Elements version 10.0.9 suffers from a heap overflow vulnerability. It fails to properly sanitize user supplied input when parsing .ashprj project file formats resulting in a crash corrupting the heap-based memory. The attacker can use this scenario to lure unsuspecting users to open malicious crafted .ashprj files with a potential for arbitrary code execution on the affected system.
f75aa6cbf3a17f5685e22633550ca4c85791c38d464e76137942ed86c5fbeea8Adobe Photoshop Elements 8 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the attacker to gain the power of executing arbitrary code on the affected system or denial of service scenario.
de231a932c681e757853f9b30b26ba630e5371c0793ff22cac8c46c88a5791d2Toko Lite CMS version 1.5.2 suffers from a HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.
0ece8e90a521dbb49857876275b2f7437dfe10ead5f178eb312f800e5e26394bToko Lite CMS version 15.2 suffers from multiple cross site scripting vulnerabilities.
1e375defb0b70ff576bb4ab30105128e41f023f56c06f5adc032a0786038ed7ciGallery plugin version 1.0.0 suffers from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
649c0e5f670adcc02d2f48ac41bb3b9dbf1473ba6e21da4a9bebd40f9b3f7896iManager plugin versions 1.2.8 build 02012008 and below suffer from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
4c4c2b763221737d36a6acfffd6dbb477bc08d64d63061a263200f70c4504d7aiBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.
2107ed08679b3cadf3a5612f0068b8a88d9524b1ecc47a00f4761fae255d7405iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.
63d8ec3f4d364c44e15e1df3ae54eb79901968d0e854a24fdc9ff42dc237090biManager plugin version 1.2.8 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to imanager.php, rfiles.php, symbols.php, colorpicker.php, loadmsg.php, ov_rfiles.php and examples.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.
d0cf4e6a0566ee44420d01dd97fde3f21f7a6d484e9d9448f4b1f6a0c32cc43ciBrowser plugin version 1.4.1 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to ibrowser.php, loadmsg.php, rfiles.php and symbols.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.
a153b7a4a47ff146d91e0d79e554e424553ad4ca1efa41e15eaa049ec8a0b46dMini FTP Server version 1.1 buffer corruption remote denial of service exploit.
b954b66b92fff6c7c4842db209961c835199a37a3c1bb75a49811ee6ddea2b88ManageEngine ServiceDesk Plus version 8.0 suffers from multiple cross site scripting vulnerabilities.
c5e4aace24eeb232523198e9b9fbf7a3b8bc002a0ecc544c0dcfc4d68c940c72ATutor version 2.0.2 suffers from a HTTP response splitting vulnerability.
da8399ab3bad548b518a4945303c6c748c100bc0caaeae91414d81c717c8ce1eATutor version 2.0.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
156e8ca29442c39dd68f426ab627536ea459ec2f62caf6d738900896523fcea0ATutor AChecker version 1.2 suffers from cross site scripting and path disclosure vulnerabilities.
f051fdf159320c7c589e285d8b88bea2bf95dbf5dda51944394344650d558b95ATutor AChecker version 1.2 suffers from multiple remote SQL injection vulnerabilities.
69d0f7a89f886464429de2e220cc5aeecc1f9b05cd0e22b446911e96c541b9f1ATutor AContent version 1.1 suffers from a script insertion vulnerability.
a6be43d63054eb477eddea9f0ec640843c438d24439cee3724859cfa283bb118ATutor AContent version 1.1 suffers from multiple cross site scripting vulnerabilities. This also affects version 1.3 as of 2014/01/05.
11f71a7a8fc1b6198d0accd72f3c4a62c57ad812171943bba7e230803cb30effATutor AContent version 1.1 suffers from multiple remote SQL injection vulnerabilities.
f56291915b34b94f96cf88882cc5c3ad29f32c7cd6bb2be6f841ce2ae4b2f103Digital Scribe version 1.5 suffers from multiple post cross site scripting vulnerabilities. Input thru the POST parameters 'title', 'last' and 'email' in register.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site.
b4e758e765d3c3f1dd3bae0aeac26f05237bd21334ea75852e11273d369ff975
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed