A remote cross-site scripting vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
A remote file include vulnerability affects Ariadne CMS. This issue is due to a failure of the application to validate critical parameters before using them in a 'require_once()' function call. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
PHP-Nuke is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
A race condition vulnerability has been reported in Libsafe 2.0-16 that may allow Libsafe security failsafe mechanisms to be bypassed. This is due to an implementation error in Libsafe that does not present a security risk unless there is a memory corruption vulnerability in a multi-threaded application on an affected computer.
Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, allows attackers to create or overwrite arbitrary files on the system. The problem exists because environment variables are used to create log files. Even when the program is setuid, users can specify a log file that will be created with elevated privileges (CVE-2006-4842).
OneWorldStore is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
sphpBlog is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
All4WWW-Homepagecreator is affected by an arbitrary remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an 'include()' function call. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process.
A remote cross-site scripting vulnerability affects the RSA Security RSA Authentication Agent for Web. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks, due to the nature of the application, bypassing authentication requirements may be possible.
Services By CQR
