Amazon Webstore is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. The issue affects the 'cache_dump_file' parameter of the 'webcacheadmin' script.
Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability. The issue exists because dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an absolute path to any target file. If this URI is followed by a user with sufficient privileges, garbage data is appended to the end of the specified file.
It is possible to configure a list of forbidden URIs in Oracle HTTP Server (OHS) using 'mod_access'. However, reports indicate that the Oracle Webcache client may be used to access URIs regardless of the restrictions outlined in OHS 'mod_access'. The following URLs are NOT protected if you access them via Webcache: http://example.com:7778/dmsoc4j/AggreSpy?format=metrictable&nountype=ohs_child&orderby=Name, http://example.com:7778/server-status, http://example.com:7778/dms0. The following URLs are protected: http://example.com:7779/dmsoc4j/AggreSpy?format=metrictable&nountype=ohs_child&orderby=Name, http://example.com:7779/server-status, http://example.com:7779/dms0.
The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality: a directory traversal issue permits a remote user to execute any program on the affected computer. An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with Local System privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms.
Koobi CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
An attacker may leverage this issue to gain SYSTEM level privileges on an affected computer by using malicious code to find the window of the Altiris Client Service and show it.
An attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privileges of the affected Web server. This may facilitate the theft of sensitive information (potentially including authentication credentials), data corruption, and a compromise of the affected computer.