
Explore Vulnerabilities

Explore all Exploits:

PhotoPost PHP Pro Multiple Remote Vulnerabilities

PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPost PHP Pro. These issues are due to a failure of the application to validate access rights and user-supplied input. The first issue is an access validation issue that may allow attackers to manipulate images uploaded by arbitrary users. The second issue is a cross-site scripting vulnerability. An attacker may leverage these issues to execute script code in an unsuspecting user's browser and to bypass authentication to execute certain application commands.

Active Webcam Webserver Multiple Vulnerabilities

Active Webcam webserver is reported prone to multiple vulnerabilities. The first issue, a denial of service, is reported to manifest when a request is received for a file that exists on a floppy drive. A second denial of service is reported to exist when the 'Filelist.html' file is requested. A remote attacker may exploit either issue to deny service for legitimate users. An installation path disclosure vulnerability is also reported: a request for a non-existent file results in an error message that contains the installation path of the software. Finally, an information disclosure vulnerability is reported to exist because different error messages are returned to a request for a file depending on whether the file exists or not. A remote attacker may exploit either of these disclosure issues to gain information regarding the filesystem on a target computer.

Zorum Multiple Vulnerabilities

Zorum is a freely available, open source Web-based forum application implemented in PHP. It is affected by multiple remote vulnerabilities due to a failure of the application to validate access rights and user-supplied input. An attacker may leverage these issues to execute script code in an unsuspecting user's browser, to manipulate SQL queries and to bypass authentication requirements.

Remote Format String Vulnerability in XPand Rally

A remote format string vulnerability affects XPand Rally. This issue is due to a failure of the application to securely call a formatted printing function. An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user who activated the vulnerable server or client application.

Linux Kernel Local Integer Overflow Vulnerability

A local integer overflow vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to properly handle user-supplied size values. An attacker may leverage this issue to overwrite low kernel memory. This may potentially facilitate privilege escalation.

NewsScript Access Validation Vulnerability

NewsScript is reported to be prone to an access validation vulnerability, which may allow an unauthorized attacker to add, modify and delete messages. This can be exploited by issuing a specially crafted HTTP GET request for the 'newsscript.pl' script to bypass access checks and carry out administrative tasks.

Multiple Remote Cross-Site Scripting Vulnerabilities in PHP Arena PaFileDB

Multiple remote cross-site scripting vulnerabilities affect PHP Arena PaFileDB. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

YaBB Remote Cross-Site Scripting Vulnerability

A remote cross-site scripting vulnerability affects YaBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Yahoo! Messenger Remote Buffer Overflow Vulnerability

It has been reported that a remote buffer overflow vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. It is likely that the attacker must be in the contact list of an unsuspecting user to exploit this issue. An attacker may leverage this issue to execute arbitrary code in the context of an unsuspecting user running a vulnerable version of the affected application.

Recent Exploits: