MyNews is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
LivePublish is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
A remote file include vulnerability exists in KISGB (Keep It Simple Guest Book), in the default_path_for_themes parameter, due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it in the context of the web server process. The vulnerable code is located in the authenticate.php file, where the variable $default_path_for_themes is not properly sanitized before being used in a require() call. Exploitation involves sending a specially crafted HTTP request containing an arbitrary remote file URL in the default_path_for_themes parameter.
Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error. An attacker may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application. The vendor reports that this issue can also be exploited through the use of UNC navigation to execute arbitrary remote code. This may facilitate a remote compromise of the affected computer.
A vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (crash) via a format string specifier in the USER command.
Web Wiz Forums is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to spoof the contents of the "Navigation canceled" page, steal cookie-based authentication credentials, and obtain other sensitive information. Successful exploits may assist in phishing or other attacks that rely on content spoofing.
Microsoft Windows is prone to a denial-of-service vulnerability. A remote attacker may exploit this vulnerability by presenting a malicious WAV file to a victim user. Successful exploits will result in excessive CPU consumption, effectively denying service.
FiSH is prone to multiple remote buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.