Quickie is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
WoW Roster is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to execute remote PHP scripts; other attacks are also possible.
Help Center Live is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.
TinyPHPForum is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
VMware ESX is prone to multiple information-disclosure vulnerabilities. These issues are due to a design error in the application. The first vulnerability could disclose the session ID, username, and password if an attacker can access session cookies used by the management interface. The second vulnerability could expose authentication credentials to local users on the computer hosting the VMWare ESX Server. This vulnerability occurs because authentication credentials are also handled insecurely by the VMWare ESX management interface.
myEvent is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
Moskool is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
Seir Anphin V666 Community Management System is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. A successful attack could allow an attacker to compromise the software, access or modify data, or exploit vulnerabilities in the underlying database implementation.
PHP MySQL Banner Exchange is prone to multiple SQL-injection vulnerabilities and a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. An attacker may also leverage the remote file-include issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process.
AJAX Chat is prone to both a directory-traversal vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the directory-traversal issue to retrieve arbitrary files from the vulnerable system in the context of the affected application. The attacker may also leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Services By CQR