
Explore Vulnerabilities

Explore all Exploits:

Hosting Controller Cross-Site Scripting Vulnerability

Hosting Controller is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Graffiti Forums SQL-injection Vulnerability

Graffiti Forums is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Farsinews Directory Traversal Vulnerability

Farsinews is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

phpBB for Mambo Multiple Remote File-Include Vulnerabilities

phpBB for Mambo is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

RW::Download Remote File Include Vulnerability

RW::Download is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.

Microsoft Internet Explorer 6 Denial of Service Vulnerability

Microsoft Internet Explorer 6 is reportedly prone to a denial-of-service vulnerability because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. This issue is triggered when an attacker convinces a victim to activate a malicious ActiveX control object. Remote attackers may exploit this issue to crash Internet Explorer 6, effectively denying service to legitimate users. A stack-based heap overflow may be possible; as a result, remote code could run in the context of the user running the affected application. This has not been confirmed.

Webvizyon SQL-injection Vulnerability

Webvizyon is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

ATutor Multiple Input Validation Vulnerabilities

ATutor is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

ExtCalendar Remote File Include Vulnerability

ExtCalendar is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.

Microsoft Excel Remote Code-Execution Vulnerability

Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. Proof-of-concept malicious code named 'Trojan.Hongmosa' is actively exploiting this vulnerability, which results in crashing Excel running on Simplified Chinese, Traditional Chinese, Japanese, or Korean Windows. Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. For example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word documents another possible attack vector.

Recent Exploits: