A malicious ActiveX control could allow an attacker to obtain the contents of a vulnerable user's Windows Address Book.
Frox is prone to a vulnerability that permits read access to arbitrary files. Successful exploitation of this vulnerability will grant the attacker read access to arbitrary files on the system in the security context of the Frox process. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
Indiatimes Messenger is reported prone to a remote buffer overflow vulnerability. A successful attack may trigger a crash in the client or lead to arbitrary code execution. The attacker may then gain unauthorized remote access in the context of the user running the application. A malicious script can be used to exploit this vulnerability.
FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
FlatNuke is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter. Exploitation of this vulnerability could lead to a loss of confidentiality. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
phpldapadmin is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. phpldapadmin is prone to a directory traversal vulnerability. An attacker can exploit this vulnerability to retrieve arbitrary files on the vulnerable system in the security context of the Web server process. Information obtained may aid in further attacks against the underlying system; other attacks are also possible. phpldapadmin is prone to a remote file include vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP script code in the security context of the Web server process. phpldapadmin is also prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
BFCC and BFVCC server managers are prone to multiple remote vulnerabilities. The first two issues are login bypass vulnerabilities. These issues allow remote, anonymous attackers to gain access to the affected server process. The third issue is a design error whereby the server application implements access controls, privileges, and other commands on the client side of the connection. This allows remote attackers to gain full administrative access to the affected application. The fourth issue is a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle multiple connections. These vulnerabilities allow remote attackers to gain administrative access to the affected server application, and to deny further access to the application.
PHP-Fusion is prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.