Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities. The application reportedly allows remote attackers to upload arbitrary HTML files and script code to the application. Another vulnerability allows attackers to trick users into downloading potentially malicious files. An attacker may also disclose sensitive information about the server by sending specially crafted HTTP GET requests.
The PHPNuke Pool and News Modules are prone to an HTML injection vulnerability. This issue is due to a failure in the application modules to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
The XOOPS Pool Module is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Example proof-of-concept code has been provided: navigate to http://www.example.com/modules.php?name=Search and type in s%') UNION SELECT 0,user_id,username,user_password,0,0,0,0,0,0 FROM nuke_users/*
A local attacker with the ability to run Python scripts can exploit this vulnerability to gain access to an interactive Python prompt. That attacker may then execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.
Microsoft Excel is susceptible to a code-execution vulnerability. The issue presents itself when Excel tries to process malformed or corrupted XLS files. Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application.
427BB is prone to an authentication bypass vulnerability. This issue is due to a failure in the application to properly validate user-supplied data. An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected application as an administrative user. This may facilitate a compromise of the underlying system; other attacks are also possible.
Venom Board is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
427BB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Microsoft Windows WMF graphics-rendering engine is affected by multiple memory-corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions. These problems present themselves when a user views a malicious WMF-formatted file containing specially crafted data. Reports indicate that these issues lead to a denial-of-service condition.
Services By CQR