B-FOCuS Router 312+ is affected by a vulnerability that can allow unauthorized attackers to gain access to an affected device. An attacker can disclose the administrator password through the Web interface of the device. This can lead to a complete compromise of the router.
Asn Guestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Pyrox Search is vulnerable to a cross-site scripting vulnerability due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user, which may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A vulnerability exists in Power Phlogger 2.0.9 which allows an attacker to include a remote file by using the 'rel_path' parameter in the config.inc.php3 script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
Greasemonkey is susceptible to multiple remote information disclosure vulnerabilities. These issues are due to a design error allowing insecure JavaScript functions to be executed by remote Web sites. The specified issues exist in the 'GM_xmlhttpRequest()', 'GM_setValue()', and 'GM_scripts()' functions. Other GM_* functions also likely to be affected, but the exact functions are not known at this time. These vulnerabilities allow remote attackers to retrieve the contents of arbitrary files, retrieve directory listings from arbitrary locations, and retrieve the contents of various private Greasemonkey data structures. This aids them in further attacks.
PHPNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Navigate to the user logon form. Enter the following string into the Username field: anything' or '1'='1'/* followed by any characters in the Password field.
Form Sender is prone to a cross-site scripting vulnerability due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing. It should be noted that this issue may be remotely exploited if an attacker has means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without local access.
Oracle Reports Server is susceptible to an unauthorized report execution vulnerability. By placing a report file in a globally accessible location, users can trigger the execution of the report by issuing an HTTP GET request to the affected servlet containing the full path of the file. Attackers may exploit this vulnerability to execute arbitrary commands, or read/write arbitrary files with the privileges of the Oracle account under which the server is executing. It should be noted that this issue may be remotely exploited if an attacker has means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without local access.
Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability. This issue presents itself when an attacker submits excessive data through the CREATE command subsequent to authentication. This vulnerability may be leveraged to execute arbitrary code in the context of the server, facilitating unauthorized access to the affected computer.
Services By CQR