PhotoGal is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue will allow an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
PHPAuction is affected by multiple remote vulnerabilities. These issues can allow an attacker to gain unauthorized access to a site and carry out SQL injection and cross-site scripting attacks. An attacker can set a cookie with the name PHPAUCTION_RM_ID and the value of the ID number of the user/admin they want to impersonate to bypass authentication.
Comersus Cart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
pngren is prone to a remote arbitrary command execution vulnerability. Reportedly, this issue arises when the user-specified values are passed to the 'kaiseki.cgi' script. Due to this, an attacker can supply arbitrary commands and have them executed in the context of the server. This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.
CartWIZ is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when downloaded. This can occur without user knowledge, and can be a security risk for certain file types on certain platforms.
The issue arises because the affected phones do not verify the 'Call-ID', 'tag' and 'branch' headers of NOTIFY messages and process spoofed status messages instead of rejecting the messages.
Novell NetMail email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically, when the email message is viewed. A successful attack may allow the attacker to obtain session cookies and carry out other attacks.
GNU GNATS gen-index allows local attackers to disclose and overwrite arbitrary files. A successful attack can result in privilege escalation and a complete compromise of the affected computer as gen-index is installed with setuid permissions. An attacker can use the gen-index command to overwrite files with arbitrary content.
McAfee IntruShield Security Management System is susceptible to multiple vulnerabilities. The first two issues are cross-site scripting vulnerabilities in the 'intruvert/jsp/systemHealth/SystemEvent.jsp' script. These issues are due to a failure of the application to properly sanitize user-supplied data prior to utilizing it in dynamically generated HTML. The next two issues are authorization bypass vulnerabilities leading to information disclosure and the ability to acknowledge, de-acknowledge, and delete security alerts. These vulnerabilities require a valid user account in the affected application.
Services By CQR
