phpAdsNew is reportedly affected by a remote cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it in a SQL query. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Mozilla Suite/Firefox and Thunderbird are reported prone to a URI obfuscation weakness. The issue is reported to manifest when 'Save Link As...' functionality is invoked on a malicious anchor tag. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present downloads to users that seem to originate from a trusted location. This may facilitate attacks based on this false sense of trust.
HolaCMS is prone to a vulnerability that may allow remote users to corrupt files on the server. An attacker can bypass the fix introduced in HolaCMS 1.4.9-1 by including directory traversal sequences in the path to a target file.
paBox is reportedly affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
PlatinumFTPServer is prone to a denial-of-service vulnerability. This issue is reported to occur when a remote user makes 50 or more connections that attempt to authenticate with a malformed user name.
Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts. Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database.
MySQL is reported prone to multiple vulnerabilities that can be exploited by a remote authenticated attacker. The first vulnerability is an insecure temporary file-creation vulnerability, which can be exploited by an attacker with 'CREATE TEMPORARY TABLE' privileges on an affected installation to corrupt files with the privileges of the MySQL process. The second vulnerability is an input-validation vulnerability, which can be exploited by remote attackers with INSERT and DELETE privileges on the 'mysql' administrative database to load and execute a malicious library in the context of the MySQL process. The third vulnerability is a remote arbitrary-code execution vulnerability, which can be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions to control sensitive data structures. This issue may be exploited to execute arbitrary code in the context of the database process.
MySQL is reported prone to multiple vulnerabilities that can be exploited by a remote authenticated attacker. The following individual issues are reported: Insecure temporary file-creation vulnerability, Input-validation vulnerability, Remote arbitrary-code execution vulnerability. These issues are reported to exist in MySQL versions prior to MySQL 4.0.24 and 4.1.10a.