yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks. The vendor has not published any specific details about this vulnerability other than stating that it is addressed in the 2.3.2 security release of the software. Examples of vulnerable URLs include http://www.example.com/admin_modules/admin_module_info.inc.php?lang_akt[admin_ainfo_hmain]=[XSS], http://www.example.com/src/index_footer-copyright.inc.php?config[release]=[XSS], and http://www.example.com/src/index_thumbs.inc.php?page[thumb_table_width]=[XSS].
yappa-ng is prone to a remote file include vulnerability. This issue may let remote attackers include and execute malicious remote PHP scripts.
phpMyVisites allows attackers to include arbitrary files. While it has been demonstrated that local files may be included through this vulnerability, there is an unconfirmed possibility of remote file inclusion. Exploitation could disclose local files, or in the case of remote file inclusion, let the attacker execute malicious PHP code.
OneWorldStore is prone to an information disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Exploitation of this vulnerability would expose the customer names, as they appear on credit cards, and their addresses to the attacker.
StorePortal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
ImageMagick is vulnerable to a remotely exploitable client-side buffer-overflow vulnerability. This issue occurs because the application fails to properly validate the length of user-supplied strings before copying them into static process buffers. An attacker may exploit this issue to cause the affected application to crash, potentially destroying unsaved data, ultimately denying service to legitimate users.
A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may be leveraged by a local attacker to gain escalated privileges on an affected computer.
phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.