Advanced Guestbook is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The phpBB vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script. The BBCode [url] tag does not properly sanitize user-supplied input. This could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.
A successful attack can result in a crash or arbitrary code execution, allowing the attacker to gain unauthorized access to the affected computer. The Tomcat Plugin is enabled by default. 4D WebStar 5.3.3 and 5.4 were reported to be vulnerable. The buffer is copied byte by byte, starting from the beginning of the buffer, until a NULL byte (or one of a few other byte values) is reached. The buffer is copied from a pointer that resides past the end of the buffer. The buffer can overflow over this pointer, allowing the program to be made to read bytes from wherever that pointer is directed. The exploit must restore this pointer or risk reading from null memory, which terminates the overflow. The pointer value is different each time, though its location relative to the buffer is static (buffer+1285). The pointer is overwritten byte by byte, meaning that a single wrong byte causes reads from somewhere else, which can be bad in terms of exploitation. The exploit attempts to overwrite the pointer so that memory continues to be overflowed (i.e., it does not point into any memory that contains a null byte). The exploit then attempts to continue overflowing with return addresses, so as to overflow the location where LR is stored. When the loop ends and LR is restored, execution returns into the buffer and into shellcode. Some looping has been added, in which BUFADDR is enumerated to brute force the overflow, because failed servers are respawned.
A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers. By supplying an overly long realm value to the command-line options of htdigest, it is possible to trigger an overflow condition. This may cause memory to be corrupted with attacker-specified values. This issue could be exploited by a remote attacker, potentially resulting in the execution of arbitrary system commands within the context of the web server process.
CJ Ultra Plus is prone to an SQL injection vulnerability. This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
MegaBook is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
It is reported that an attacker can exploit this issue to detect the presence of files on a computer and potentially cause a denial of service condition. A successful attack may aid in further attacks against the system or lead to a crash due to resource exhaustion.
MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Oracle 9i/10g Database is prone to a logging failure vulnerability in its Fine Grained Audit (FGA) functionality. Reports indicate that FGA may be disabled inadvertently, without notifying the database administrator. As a result, FGA fails to log queries issued after the logging failure; this occurs for all database users and may result in a false sense of security.