Explore Vulnerabilities

Explore all Exploits:

Microsoft Log Sink Class ActiveX Control Arbitrary File Creation

A remote attacker can exploit this issue by crafting a malicious Web site that triggers this vulnerability and enticing a user to visit the site. If successful, the attacker may create arbitrary files on the computer. This may lead to various attacks including arbitrary code execution.

OOApp Guestbook HTML Injection Vulnerabilities

OOApp Guestbook is reportedly affected by multiple HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input. The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

phpMyAdmin Multiple Local File Include Vulnerabilities

phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include()', 'require()', 'require_once()', or similar function call. An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. It should be noted that these issues may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.

Multiple Remote Cross-Site Scripting Vulnerabilities in phpMyAdmin

Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

PBLang Cross-Site Scripting Vulnerability

PBLang is reportedly affected by a cross-site scripting vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Winace Unace Client-Side Directory-Traversal Vulnerability

A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE format archives. An attacker may leverage this issue by distributing malicious ACE archives to unsuspecting users. This issue will allow an attacker to write files to arbitrary locations on the filesystem with the privileges of an unsuspecting user that extracts the malicious ACE archive.

Multiple SQL Injection Vulnerabilities in iGeneric iG Shop

iGeneric iG Shop is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Biz Mail Form Vulnerability

An attacker can exploit this issue to inject arbitrary SMTP headers by using CR and LF sequences. If successful, it becomes possible to abuse the application as a mail relay. Email may be sent to arbitrary computers. This could be exploited by spammers or other malicious parties.

OpenConnect WebConnect Multiple Vulnerabilities

WebConnect is reported prone to a remote denial of service vulnerability. A remote attacker may exploit this vulnerability to crash the WebConnect software and deny service for legitimate users. A directory traversal vulnerability is also reported to affect WebConnect. This issue is reported to exist due to a lack of sufficient sanitization performed on a user-supplied URI parameter that is passed to the 'jretest.html' script. A remote attacker may exploit this vulnerability to disclose the contents of server readable files.

Recent Exploits: