MyBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
An attacker can prefix arbitrary commands with the '|' character, supply them through a URI parameter and have them executed in the context of the server.
Looking Glass is prone to a cross-site scripting vulnerability. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possible.
phpWebNotes is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
SqWebMail is affected by a vulnerability that may allow remote attackers to inject and execute arbitrary script code in a user's browser. This may allow for various attacks including session hijacking due to the theft of user credentials.
Astaro Security Linux is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer. This weakness may be combined with other attacks to exploit latent vulnerabilities. An attacker can bypass access controls implemented by the application through this attack. To exploit this vulnerability, an attacker can connect to TCP port 8080 and enter the command CONNECT localhost:80 HTTP/1.0
Foojan PHPWeblog is prone to an HTML injection vulnerability due to a lack of proper sanitization of user-supplied input. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
BEA WebLogic administration console is prone to cross-site scripting attacks. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. An attacker can make a HTTP request containing XSS code to a target Web server, login into the Administration console, go to the menu 'Network configurations/servers/myserver/', click on 'View server log' and search for the string GomoR and click on the BEA-id event.
QNX RTOS is susceptible to a local arbitrary file disclosure vulnerability. This issue is due to a failure of the 'inputtrap' utility to properly implement access control restrictions. This vulnerability allows local malicious users to gain access to the contents of arbitrary files with superuser privileges, aiding them in further attacks.
LeapFTP client is prone to a remote buffer overflow vulnerability. The issue arises when the client handles a malformed LeapFTP Site Queue (.lsq) file. A remote attacker may gain unauthorized access in the context of the user running the application.