Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include()' function call. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process.
Sun Solaris is prone to a local information-disclosure vulnerability. This issue allows local attackers to gain access to potentially sensitive information that may aid them in further attacks. The following proof of concept is available:

/usr/ucb/ps -auxgeww

Successful exploitation of this issue may lead to a loss of confidentiality.
An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks by sending a malicious HTTP request header containing a script tag with an alert statement.
RedBLoG is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Paid Mail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Microsoft Windows 2000 is prone to multiple memory-corruption vulnerabilities that are related to the instantiation of COM objects. These issues may be remotely triggered through Internet Explorer. The vulnerabilities arise because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls. This may result in arbitrary code execution, but this has not been confirmed.
Microsoft Internet Explorer is prone to multiple denial-of-service vulnerabilities that occur when instantiating COM objects. The vulnerabilities arise because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls, resulting in denial-of-service conditions. Remote code execution may be possible, but this has not been confirmed.
Smart Traffic is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include()' function call. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process.
ToendaCMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.