GA's Forum Light is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
CPAINT is prone to a cross-site scripting vulnerability. This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks.
SPIP is prone to a remote command-execution vulnerability due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP commands on an affected computer with the privileges of the webserver process. Successful exploitation could facilitate unauthorized access; other attacks are also possible.
Sun ONE Directory Server is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to handle malformed network traffic. This issue allows remote attackers to crash the application, denying service to legitimate users.
The vwdev application is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication, modify data, or exploit vulnerabilities in the underlying database implementation. Other attacks may also be possible.
Whomp! Real Estate Manager is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
QNX is susceptible to multiple local vulnerabilities. These issues include multiple buffer-overflow vulnerabilities, a format-string vulnerability, an insecure library-path vulnerability, an insecure default-directory-permission vulnerability, and a denial-of-service vulnerability. These issues allow local attackers to execute arbitrary machine code and commands with superuser privileges, facilitating the complete compromise of affected computers. Attackers may also crash affected computers, denying service to legitimate users. To exploit the denial-of-service vulnerability, the following command is reportedly sufficient: echo -e "break *0xb032d59fnrncontncont" | gdb gdb
The eyeOS system is prone to a remote command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary commands in the context of the webserver process.
Tivoli Access Manager Plugin for Web Servers is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks; other attacks are also possible. Note that the attacker must be an authenticated user to exploit this vulnerability.
CyberShop Ultimate E-commerce is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.