IBM Lotus Domino iNotes is prone to multiple HTML- and script-injection vulnerabilities. These vulnerabilities can allow attackers to carry out a variety of attacks, including theft of cookie-based authentication credentials. A proof-of-concept example for the issue exploited through a 'javascript:' URI is available: <a href="javascript:alert('Vulnerable!');">Link</a> Successful exploitation of this issue may allow attackers to execute arbitrary HTML and script code in the context of the affected application. This may facilitate unauthorized access or privilege escalation.
Proof of concept for the email subject field script injection: </TITLE><SCRIPT>alert("Vulnerable!");</SCRIPT>
Papoo is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
PwsPHP is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
GA's Forum Light is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
CPAINT is prone to a cross-site scripting vulnerability. This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks.
SPIP is prone to a remote command-execution vulnerability due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP commands on an affected computer with the privileges of the webserver process. Successful exploitation could facilitate unauthorized access; other attacks are also possible.
Sun ONE Directory Server is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to handle malformed network traffic. This issue allows remote attackers to crash the application, denying service to legitimate users.
The vwdev application is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication, modify data, or exploit vulnerabilities in the underlying database implementation. Other attacks may also be possible.
Whomp! Real Estate Manager is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.