Explore Vulnerabilities

Explore all Exploits:

D-Forum Cross-Site Scripting Vulnerability

D-Forum is reportedly affected by a cross-site scripting vulnerability. This issue is due to the application failing to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

ProjectBB Multiple SQL Injection Vulnerabilities

ProjectBB is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

ProjectBB Cross-Site Scripting Vulnerabilities

ProjectBB is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. As a result of these vulnerabilities, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Trillian 3.0 PNG Image Processing Buffer Overflow Exploit

A remote buffer overflow vulnerability affects Cerulean Studios Trillian. This issue is due to a failure of the application to securely copy image data into finite process buffers. An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that activated the vulnerable application.

PBLang Message Deletion Vulnerability

PBLang is reported to be prone to a vulnerability that can allow a registered user to delete arbitrary personal messages. The vulnerability exists due to a design error leading to a lack of access controls. An attacker can exploit this vulnerability by crafting a malicious URL in the following format: http://www.example.com/pblang/delpm.php?id=[PMID]&a=[Target user name]

427BB Multiple Remote HTML Injection Vulnerabilities

427BB is reportedly affected by multiple remote HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

CutePHP CuteNews Remote Script Injection Vulnerability

A remote script injection vulnerability affects CutePHP CuteNews. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. An attacker may leverage this issue to inject arbitrary server-side scripts locally and client-side scripts remotely, potentially facilitating code execution with the privileges of the affected Web server and cross-site scripting attacks.

Multiple Remote Input-Validation Vulnerabilities

Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. An attacker may leverage these issues to manipulate and view arbitrary database contents (by exploiting various SQL-injection issues) and to run arbitrary script code in the browser of an unsuspecting user (by exploiting multiple cross-site scripting vulnerabilities).

Multiple Remote Input-Validation Vulnerabilities in phpCOIN

Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. An attacker may leverage these issues to manipulate and view arbitrary database contents (by exploiting various SQL-injection issues) and to run arbitrary script code in the browser of an unsuspecting user (by exploiting multiple cross-site scripting vulnerabilities). Examples of vulnerable URLs include http://www.example.com/phpcoin/mod.php?mod=helpdesk&mode=new and http://www.example.com/phpcoin/mod.php?mod=mail&mode=reset&w=user, which can be exploited by appending malicious JavaScript code to the URL.
