Alt-N MDaemon IMAP Server is affected by a remote format-string vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted printing function. This vulnerability may be leveraged to consume excessive CPU resources or to crash the service. Due to the nature of this issue, remote code execution is likely possible, although this has not been confirmed.
D3Jeeb is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
D3Jeeb is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
MySQL is prone to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysql_real_query()' function and in the query-logging functionality. This issue allows attackers to bypass the query-logging functionality of the database so they can cause malicious SQL queries to be improperly logged. This may help them hide the traces of their malicious activity from administrators.
DirectContact is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.
Archangel Weblog is prone to an authentication-bypass vulnerability. This issue is due to a failure in the application to properly validate user-supplied data. An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected application as an administrative user. This may facilitate a compromise of the underlying system; other attacks are also possible.
Woltlab Burning Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Fantastic News is prone to an SQL-injection vulnerability. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The SpeedTouch 500 series are prone to a cross-site scripting vulnerability due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device.
Services By CQR