The Includer is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
ACS Blog is affected by an HTML injection vulnerability. The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in the browser of the user when the user views an affected Web page.
Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. The first set of issues consists of cross-site scripting vulnerabilities that affect the 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content. The second set of issues consists of SQL injection vulnerabilities that affect the 'showmembers.php' and 'showphoto.php' scripts. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
A remote attacker may exploit this vulnerability to execute arbitrary code on some of the affected platforms in the context of a user that is using the vulnerable Telnet client to connect to a malicious server. The attacker can use a perl command to send a malicious payload to the vulnerable Telnet client.
Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and view arbitrary database contents. phpCoin is also affected by a local file include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. This issue may also be exploited to disclose arbitrary files.
Multiple input validation vulnerabilities reportedly affect Valdersoft Shopping Cart. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'query' parameter of a link. A successful attack may enable various further attacks, including theft of cookie-based authentication credentials.
Tincat is reported prone to a remote buffer overflow vulnerability. It is reported that this issue exists in the function responsible for logging users that have connected to a game server. A successful attack can allow an attacker to gain unauthorized access to a vulnerable computer in the context of a game server.
A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes. A local attacker may leverage this issue to gain escalated privileges on an affected computer.