Explore Vulnerabilities

Explore all Exploits:

RunCMS Information Disclosure Vulnerability

RunCMS is reportedly affected by an information disclosure vulnerability. This issue is due to a failure in the application to secure sensitive information. Exploitation of this vulnerability could lead to the disclosure of database configuration details, including the database name, user name and password.

PHPOpenChat v3.x XSS Exploit

PHPOpenChat is reportedly affected by multiple remote HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

Linux Kernel ISO9660 Handling Vulnerabilities

The Linux kernel is reported prone to multiple vulnerabilities that occur because of 'range-checking flaws' present in the ISO9660 handling routines. An attacker may exploit these issues to trigger kernel-based memory corruption. Ultimately, the attacker may be able to execute arbitrary malicious code with ring-zero privileges.

Subdreamer SQL Injection Vulnerability

Subdreamer is prone to an SQL injection vulnerability. Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. Subdreamer Light is reported to be affected by this issue. All versions of Subdreamer Light are considered to be vulnerable at the moment.

ACS Blog Cross-Site Scripting Vulnerability

ACS Blog is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Microsoft Windows GDI Library ‘gdi32.dll’ Denial of Service Vulnerability

This vulnerability is due to a failure of the application to securely copy data from malformed EMF image files. An attacker may leverage this issue to trigger a denial of service condition in software implementing the vulnerable library. Other attacks may also be possible.

VoteBox Remote PHP File Include Vulnerability

It is reported that VoteBox is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input to the 'votebox.php' script. Remote attackers could potentially exploit this issue to include and execute a remote malicious PHP script.

Recent Exploits: