SAP Business Connector is prone to a file-access/deletion vulnerability. This issue arises due to an access-validation error. A successful attack will result in the disclosure of sensitive or privileged information. An attacker may also delete arbitrary files. These actions are often carried out with superuser privileges, since the package is often run with elevated privileges to gain access to TCP ports lower than 1024.
Nokia N70 is reportedly prone to a remote denial-of-service vulnerability. A successful attack can allow an attacker to corrupt memory and to trigger a denial-of-service condition. Arbitrary code execution may be possible as well, but this has not been confirmed.
My Blog is prone to an HTML-injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected site, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Mantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
RunCMS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
sNews is prone to multiple input-validation vulnerabilities due to a failure in the application to properly sanitize user-supplied input. This could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation.
sNews is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation. Other attacks are possible as well.
PHP Classifieds is prone to an SQL-injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to bypass the authentication mechanism and gain access as an arbitrary user. A proof of concept is available which uses the following input: email@example.com' -- '
Isode M-Vault Server is prone to a memory-corruption vulnerability. This issue may be triggered by malformed LDAP data. The exact impact of this vulnerability is not known at this time. Although the issue is known to crash the server, the possibility of remote code execution is unconfirmed.