Domain Manager Pro is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A vulnerability exists in Uber Project Document Management System (secure.php) which allows a remote attacker to include a file from a remote host. This is due to the application not properly sanitizing user-supplied input to the 'cfg[homepath]' parameter in 'secure.php'. An attacker can exploit this vulnerability to include arbitrary files from remote hosts resulting in arbitrary code execution on the vulnerable system.
Zomplog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to disclose the contents of any Web accessible script. Information obtained may aid in further attacks. An attacker can retrieve a directory listing of any Web accessible folders. Information obtained may aid in further attacks. An attacker can perform cross-site scripting attacks. This may be leveraged to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a denial of service vulnerability. The vulnerability exists in the TIP (Transaction Internet Protocol) functionality that is provided by MSDTC. This vulnerability may be exploited by a remote attacker to deny the availability of services that depend on MSDTC. This issue only exists on operating systems that have support for the TIP protocol enabled. This vulnerability is remotely exploitable on default configurations on Windows 2000. TIP is not enabled by default on Windows XP and Windows Server 2003 even if the MSDTC service is running.
Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Oracle iSQL*PLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specific HTTP request, remote attackers may cause the affected application to stop the TNS Listener.
Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. An attacker can leverage these issues to execute SQL statements in the context of an affected user as well.
TellMe is prone to multiple cross-site scripting vulnerabilities due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The Pairwise Master Key (PMK) of the Wi-Fi Protected Access (WPA) preshared key authentication and the WEP keys of the interface may be obtained by a local unauthorized attacker. A successful attack can allow an attacker to obtain the keys and subsequently gain unauthorized access to a device.
Services By CQR