KDE KMail is vulnerable to a remote email message content spoofing vulnerability due to a failure of the application to properly sanitize HTML email messages. An attacker may leverage this issue to spoof email content and various header fields of email messages. This may aid an attacker in conducting phishing and social engineering attacks by spoofing PGP keys as well as other critical information.
AzDGDatingPlatinum is reported prone to multiple vulnerabilities, including multiple SQL-injection vulnerabilities which could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Additionally, a cross-site scripting issue is present, which could allow an attacker to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection. A remote attacker can disclose arbitrary files. Information gathered through this issue may allow the attacker to carry out other attacks against an affected computer. The application is affected by a SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Multiple cross-site scripting issues have been identified as well. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PostNuke Phoenix is vulnerable to a remote SQL injection vulnerability due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker can exploit this vulnerability to manipulate SQL queries to the underlying database, potentially leading to the theft of sensitive information, including authentication credentials, and data corruption.
A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs may result in concealing attacks and/or misleading an administrator. This issue can also be exploited to carry out other attacks such as the execution of certain BAT file commands. This can result in the disclosure of source code and text files. This issue may also aid in the exploitation of the vulnerability described in BID 13066 (AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability).
AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment variables into a finite sized process buffer. The attacker can issue a malformed HTTP GET command including excessive data as a value for an affected HTTP header to trigger the overflow. This can lead to arbitrary code execution, allowing the attacker to gain unauthorized access in the context of the Web server.
gr_osview is prone to an information disclosure vulnerability, which can be exploited by a local attacker to obtain sensitive information such as exposing an administrator's password hash. This issue has been confirmed in SGI IRIX 6.5.22 maintenance release, and other versions of IRIX may be vulnerable as well. The attacker can exploit this vulnerability by running the command 'gr_osview -d -D /etc/shadow'.
The Web_Links module of PHP-Nuke is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
A remote authentication bypass vulnerability affects Linksys WET11. This issue is due to a failure of the application to validate authentication credentials when processing password change requests. An attacker may leverage this issue to arbitrarily change the administration password of an affected device, facilitating a complete compromise of the device.
Services By CQR
