427BB is reportedly affected by multiple remote HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
A remote script injection vulnerability affects CutePHP CuteNews. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. An attacker may leverage this issue to inject arbitrary server-side scripts locally and client-side scripts remotely, potentially facilitating code execution with the privileges of the affected Web server and cross-site scripting attacks.
Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. An attacker may leverage these issues to manipulate and view arbitrary database contents (by exploiting various SQL-injection issues) and to run arbitrary script code in the browser of an unsuspecting user (by exploiting multiple cross-site scripting vulnerabilities). Examples of vulnerable URLs include http://www.example.com/phpcoin/mod.php?mod=helpdesk&mode=new and http://www.example.com/phpcoin/mod.php?mod=mail&mode=reset&w=user, which can be exploited by appending malicious JavaScript code to the URL.
PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that the issue presents itself when malicious SQL syntax is issued to the application through the 'show' variable.
Scrapland game server is reported prone to various denial of service vulnerabilities. These issues present themselves because the application fails to handle exceptional conditions. It is reported that the game server crashes when handling various errors.
This exploit is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any known account including the administrator account.
phpBB is affected by an authentication bypass vulnerability due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any known account including the administrator account. The vendor has addressed this issue in phpBB 2.0.13.
A remote buffer overflow vulnerability affects Stormy Studios KNet. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. An attacker may leverage this issue to execute arbitrary code on a computer with the privileges of the affected server, facilitating unauthorized access.
Gaim is affected by a denial of service vulnerability during the download of a file. This issue can allow remote attackers to cause an affected client to fail. A vulnerability in the client arises when it tries to download a file with bracket characters '(' ')' in the file name.