A vulnerability in Yahoo! Messenger allows remote attackers to spoof file extensions. This issue is due to a design error. An attacker may leverage this issue to spoof downloaded filenames to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.
Applications running pswd.js are prone to an insecure password-hash weakness. This issue is due to a design flaw that results in password hashes being created in an insecure manner. This issue allows attackers to use precomputed password hashes in brute-force attacks and authenticate themselves against the vulnerable application running the script. A successful exploit of this issue may lead to other attacks.
anychart is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Vwar is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. These issues occur because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Vwar is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. These issues occur because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Blackboard products are prone to multiple HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login credentials returned to an attacker. Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.
Spam Firewall is prone to multiple vulnerabilities, including a directory-traversal issue, access-validation issue, and a remote command-execution issue. A remote attacker can exploit these issues to gain access to potentially sensitive information and execute commands in the context of the affected application.
GuestBook is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
FAQ Script is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
Services By CQR