Multiple remote cross-site scripting vulnerabilities affect PHP Arena PaFileDB. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote cross-site scripting vulnerability affects YaBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
An attacker can browse the directory tree and disclose sensitive information, rename arbitrary objects, and delete arbitrary objects. All versions of Participate Enterprise are considered vulnerable.
It has been reported that a remote buffer overflow vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. It is likely that the attacker must be in the contact list of an unsuspecting user to exploit this issue. An attacker may leverage this issue to execute arbitrary code in the context of an unsuspecting user running a vulnerable version of the affected application.
Oracle Database server is reported to be vulnerable to multiple directory traversal vulnerabilities that may allow a remote attacker to read, write, or rename arbitrary files with the privileges of the Oracle Database server. This is due to a lack of sufficient input validation performed on filenames and paths passed to file processing functions, and may allow a malicious SQL query to traverse outside of a directory that is described in an Oracle directory object. Examples of malicious SQL queries are provided in the text.
Hosting Controller is reported prone to multiple information disclosure vulnerabilities. These issues can allow an attacker to disclose sensitive information, which may be used to carry out further attacks against a computer. An attacker can access a sensitive file to enumerate domain names of all hosted domains. Another issue affecting the application may allow remote users to disclose an administrator's email address.
phpWebLog is prone to a remote file include vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include_once()' function call. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
A remote buffer overflow vulnerability affects JoWood Chaser. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. An attacker may leverage this issue to execute arbitrary code in affected clients or trigger a denial of service condition in affected servers.
Ca3DE is reported prone to multiple remote vulnerabilities. An attacker can exploit these issues to carry out format string and denial of service attacks. It is reported that all commands accepted by the server are affected by format string vulnerabilities. A successful attack may result in crashing the application or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the application. The application is also affected by a remote denial of service vulnerability.