Hastymail is prone to an IMAP/SMTP command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An authenticated malicious user could execute arbitrary IMAP/SMTP commands on the affected mail server processes. This may allow the user to send SPAM from the server or to exploit latent vulnerabilities in the underlying system. An example of sending the CREATE IMAP commands to the vulnerable parameter and an SMTP POST relay example from a nonexistant email address is available.
eXpBlog is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
ZABBIX is prone to multiple unspecified remote code-execution vulnerabilities. Reports indicate that these issues facilitate format-string and buffer-overflow attacks. A remote attacker may leverage these vulnerabilities to trigger denial-of-service conditions or to execute arbitrary code to gain unauthorized access to a vulnerable computer. This would occur in the context of the application. ZABBIX version 1.1.2 is reported vulnerable; other versions may be affected as well.
phpWebSite is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Deep CMS is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process.
iSearch is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PHP Polling Creator is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process.
Moodle is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Interspire FastFind is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Emek Portal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Services By CQR