The vulnerabilities in EarlyImpact ProductCart allow for SQL injection, cross-site scripting, and cryptographic weaknesses. These issues could lead to the exposure of sensitive data and the execution of hostile script and HTML code. The exploitation of these vulnerabilities could result in a full compromise of the software.
The 'com_contact' component in Limbo <= 1.0.4.2L allows remote attackers to execute arbitrary commands via the contact_attach parameter in a POST request to index.php. An attacker exploits the vulnerability by uploading a file with a specially crafted filename to the server.
PHPNuke is prone to a SQL injection vulnerability due to insufficient sanitization of user-supplied input. The vulnerability exists in the $category variable within the 'index.php' page.
Resin is prone to an information disclosure vulnerability that may allow an attacker to disclose directory listings by passing malicious data via a URI parameter.
A problem in the handling of specially crafted UUEncoded messages in ClamAV allows an attacker to prevent the delivery of e-mail to users.
PHPX is affected by vulnerabilities that allow attackers to perform cross-site scripting attacks, inject HTML code, and hijack user accounts using specially crafted cookies. An attacker can exploit these vulnerabilities by sending malicious requests to the affected PHPX server.
X-Cart is prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of the application to sanitize values specified by parameters in the URI.
A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a malformed request, a malevolent user may be able to force the server to crash, denying service to legitimate users.
The RhinoSoft Serv-U FTP Server is prone to a buffer overflow vulnerability. This vulnerability occurs when a 'site chmod' command is issued on a non-existent file with an excessively long filename. This can result in an internal buffer overrun, causing the FTP server to fail and potentially allowing for the execution of arbitrary code.
The McAfee ePolicy Orchestrator agent has a buffer management vulnerability that can be exploited to crash the affected agent and potentially trigger a buffer overflow. The vulnerability exists due to insufficient sanitization of certain values in HTTP POST headers processed by the ePolicy Orchestrator.