pcAnywhere is vulnerable to a buffer overflow vulnerability. Because the flaw can be triggered prior to authentication, the vulnerability is exploitable by remote attackers without valid credentials. It is confirmed that the vulnerability can be exploited to cause a denial of service. Supported versions 11.0.1 and 11.5.1 are confirmed affected. Previous versions are vulnerable and users are advised to upgrade to the latest supported version.
Simple Document Management System (SDMS) is prone to SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. This could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
UGroup is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Softbiz Resource Repository Script is prone to SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. This could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Zainu is prone to SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. This could allow an attacker to exploit vulnerabilities in the underlying database implementation, resulting in a compromise of the application, disclosure or modification of data.
phpGreetz is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible.
A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks. The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.
WSN Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Nuke ET is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Insert the following into the 'query' field of http://www.example.com/modules.php?name=Search: s%') UNION SELECT 0,user_id,username,user_password,0,0,0,0,0,0 FROM nuke_users/*
Services By CQR