Explore Vulnerabilities

Explore all Exploits:

PHP Poll Creator Remote File Include Vulnerability

PHP Poll Creator is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Active News Manager SQL Injection Vulnerability

Active News Manager is prone to an SQL injection vulnerability. This issue affects the 'login.asp' script. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker can gain unauthorized access to an affected site.

Sun JavaMail Multiple Information Disclosure Vulnerabilities

Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. The first issue allows a remote attacker to reveal the contents of email attachments of other users. The second issue allows a remote attacker to download and peruse arbitrary files with the privileges of the affected service. A remote attacker may exploit these issues to disclose potentially sensitive information that could be used to aid in further attacks.

Spread The Word Multiple SQL Injection Vulnerabilities

Spread The Word is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Multiple Cross-Site Scripting Vulnerabilities in Spread The Word

Spread The Word is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Blue Coat Reporter HTML Injection Vulnerability

Blue Coat Reporter is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

Sambar Server administrative interface Cross-Site Scripting Vulnerability

The Sambar Server administrative interface does not adequately filter some HTML code, making it prone to cross-site scripting attacks. A remote attacker can create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the Web site running Sambar Server. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the Web site running the vulnerable software.

GForge Remote Command Execution Vulnerability

GForge is affected by a remote command execution vulnerability. This issue arises because the application fails to sanitize user-supplied data passed through URI parameters. An attacker can supply arbitrary shell commands through the affected parameter to be executed in the context of the affected server.

Recent Exploits: