osTicket is affected by multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied data. An SQL-injection vulnerability could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. A local file-include vulnerability could allow an attacker to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '10browse.asp' script. It is reported that the attacker may steal eShop authentication information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query.
FSboard is prone to a directory traversal vulnerability. This could allow a remote attacker to read files outside the Web root. This could only be used to access files to which the Web server has permission.
Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. Due to this, an attacker can prefix arbitrary commands with the '|' character and have them executed in the context of the server.
imTRBBS is affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'im_trbbs.cgi' script that will be executed in the context of the Web server running the application. This issue is reported to affect imTRBBS version 1.02; other versions may also be vulnerable.
Dynamic Biz Website Builder (QuickWeb) is prone to an SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
BisonFTP is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users. Reports indicate that the issue may be exploited only after successful authentication. A malicious user can send an invalid buffer size to BisonFTPD, resulting in 100% CPU usage or a crash.
Community Server Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
Mensajeitor is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability. Exploiting this issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly execute the scripts on the affected server. This issue can ultimately help attackers gain unauthorized access in the context of the webserver.