OneWorldStore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that employ this parameter execute with 'SYS' user privileges. Exploiting the SQL-injection vulnerability can allow an attacker to gain 'SYS' privileges. The attacker can exploit this issue using malformed PL/SQL statements to pass unauthorized SQL statements to the database. A successful exploit could allow the attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Knowledge Base Module is affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
A remote file include vulnerability exists in Amazonia Mod, a phpBB forum, which allows an attacker to execute arbitrary code on the vulnerable server. The vulnerability is due to the 'includes/functions_amazonia.php' script not properly sanitizing user-supplied input to the 'phpbb_root_path' parameter. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a URL in the 'phpbb_root_path' parameter, resulting in arbitrary code execution.
eGroupWare is prone to multiple input validation vulnerabilities due to a failure of the application to properly validate user-supplied input. These issues result in cross-site scripting and SQL injection attacks. An example of a vulnerable URL is http://egroupware/index.php?menuaction=preferences.uicategories.index&cats_app=foobar[SQL].
A remote cross-site scripting vulnerability affects the datenbank module for phpBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote SQL injection vulnerability affects the datenbank module for phpBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft of sensitive information, potentially including authentication credentials, and data corruption.
A remote file include vulnerability affects Ariadne CMS. This issue is due to a failure of the application to validate critical parameters before using them in a 'require_once()' function call. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
PHP-Nuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.