sNews is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation. Other attacks are possible as well.
PHP Classifieds is prone to an SQL-injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to bypass the authentication mechanism and gain access as an arbitrary user. A proof of concept is available which uses the following input: email@example.com' -- '
Isode M-Vault Server is prone to a memory-corruption vulnerability that may be triggered by malformed LDAP data. The exact impact of this vulnerability is not known at this time. Although the issue is known to crash the server, the possibility of remote code execution is unconfirmed.
eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VoIP headers. Successful exploitation will cause the device to crash. For the negative 'Expires' field issue, an attacker can send an OPTIONS request with an Expires field set to a negative value. For the 'Content-Length' field issue, an attacker can send an INVITE request with a Content-Length field set to a large value.
Gastebuch is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. The malicious URI contains malicious HTML and script code that will be executed in the user's browser in the security context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Clever Copy is prone to multiple HTML-injection vulnerabilities due to the application failing to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
XMB Forum is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
VHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be exploited to gain administrative access to the application; other attacks are also possible. An attacker can exploit the HTML-injection issue by submitting malicious HTML code to the vulnerable application. This code will be executed in the context of the vulnerable application.