vBulletin is prone to multiple SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. An attacker can exploit these issues to compromise the application, disclose or modify data, or exploit vulnerabilities in the underlying database implementation.
EPay Pro is prone to a directory traversal vulnerability due to a lack of proper validation of user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter. Exploitation of this vulnerability could lead to a loss of confidentiality and may aid in further attacks against the underlying system.
Apple Safari is prone to a memory corruption vulnerability. This issue is exposed when the browser opens specific 'data:' URIs, causing the browser to crash. Though unconfirmed, this vulnerability could be exploitable to execute arbitrary code.
Content2Web is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this lack of sanitization to perform SQL injection attacks, cross-site scripting attacks and include local PHP files. It may also be possible to include remote PHP files; this has not been confirmed. The consequences of these attacks include a compromise of the system, the execution of arbitrary code and the theft of cookie-based authentication credentials, all in the context of the Web server process.
DeluxeBB is prone to multiple SQL injection vulnerabilities due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. This could allow an attacker to exploit vulnerabilities in the underlying database implementation, resulting in a compromise of the application, disclosure or modification of data.
Digital Scribe is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by providing malicious input to the application, which can result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Noah's Classifieds is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
ATutor is prone to a remote information disclosure vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged information. A remote attacker can exploit this vulnerability and make repeated GET requests for the chat logs, effectively retrieving all chat archives. Information obtained may aid an attacker in further attacks.
ATutor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker can exploit this issue by supplying a specially crafted input to the vulnerable application. The attacker can then use the injected SQL to view, modify or delete data from the database.
MIVA Merchant 5 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.