Explore Vulnerabilities

Explore all Exploits:

Mambo EstateAgent Component Remote File Include Vulnerability

The Mambo EstateAgent component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

DieselPay Cross-Site Scripting Vulnerability

DieselPay is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Multiple cross-site scripting vulnerabilities in Job Site

Multiple cross-site scripting vulnerabilities affect Job Site because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mambo Display MOSBot Manager Remote File Include Vulnerability

The Mambo Display MOSBot Manager component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

XennoBB SQL-injection Vulnerability

Submit a forged POST request to topic_post.php?action=post&fid={forum ID here} with the following as the POST data: form_sent=1&form_user={username here}&req_subject=Subject&req_message=Message&submit=1&icon_topic=[SQL]. Successful exploitation would lead to the SQL query in the icon_topic parameter being run.

Roxio Toast Local Privilege Escalation Vulnerability

Roxio Toast is prone to a local privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. As a result, local users may set their own search path for external applications that are called by setuid programs that are included in Roxio Toast. This issue allows local attackers to gain superuser privileges, resulting in a complete compromise of affected computers. This issue affects the DejaVu component that is installed by default in a standard installation of the vulnerable application. DejaVu is a third-party component that is maintained by Propaganda Productions. Roxio Toast version 7 Titanium includes the vulnerable component; other versions may also be affected.

Mambo Rssxt Component Multiple Remote File-Include Vulnerabilities

The Mambo Rssxt component for Joomla and Mambo is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Multiple Remote File-Include Vulnerabilities in lmtg_myhomepage Component for Mambo

The lmtg_myhomepage component for Mambo is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Blog:CMS Multiple Remote File-Include Vulnerabilities

Blog:CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Microsoft Internet Explorer COM Object Instantiation Denial of Service Vulnerability

Microsoft Internet Explorer is prone to a denial-of-service vulnerability that occurs when instantiating Visual Studio COM objects. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls, resulting in denial-of-service conditions. Remote code execution may be possible, but this has not been confirmed.

Recent Exploits: