Explore Vulnerabilities

Explore all Exploits:

A vulnerability has been identified in the handling of certain types of requests by SD Server

SD Server is vulnerable to a directory traversal attack, which allows an attacker to gain access to potentially sensitive system files. This is due to the application's failure to properly sanitize user-supplied input, allowing an attacker to traverse the directory structure by using a '../' sequence in the URL.

PaNews Remote PHP Script Code Execution Vulnerability

PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'admin_setup.php' script. Reports indicate that when malicious script code is injected, this code can then be forced to execute in the context of the web service that is hosting the affected software.

Invision Power Board JavaScript Injection Vulnerability

Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content. Since this could permit an attacker to inject hostile JavaScript into the forum system, it is possible to steal cookie credentials or misrepresent site content.

Bontago Game Server Remote Buffer Overrun Vulnerability

The Bontago game server is reported to be affected by a remote buffer overrun vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed on client-supplied 'nickname' values. It is conjectured that a remote attacker may exploit this vulnerability to influence execution flow of a target game server and have arbitrary supplied instructions executed in the context of the affected process.

ae2 (standart.inc.php) Remote File Inclusion

A remote file inclusion vulnerability exists in the standart.inc.php file of ae2. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable parameter 'topdir' in the standart.inc.php file. This can allow the attacker to execute arbitrary code on the vulnerable system.

PMachine Pro Remote File Include Vulnerability

PMachine Pro is reported prone to a remote file include vulnerability. This issue affects the 'mail_autocheck.php' script. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This will facilitate unauthorized access.

ZeroBoard Multiple Cross-Site Scripting Vulnerabilities

ZeroBoard is reported prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based authentication credentials as well as other attacks.

Thomson TCW690 Cable Modem Multiple Remote Vulnerabilities

Thomson TCW690 cable modem is reported prone to multiple remote vulnerabilities. These issues may allow an attacker to cause a denial of service condition and/or gain unauthorized access to the device. The device is reported prone to a partial denial of service condition that results from a boundary condition error. Reportedly, a successful attack can cause the device to fail to process requests for a limited period of time. Another vulnerability affecting the modem can allow attackers to gain unauthorized access to the device. It is reported that the device does not properly verify users' authentication credentials when handling an HTTP POST request.

TrackerCam Multiple Remote Vulnerabilities

TrackerCam is prone to multiple remote vulnerabilities, including buffer-overflow issues, a directory-traversal issue, an information-disclosure issue, an HTML-injection issue, and denial-of-service issues. A remote attacker could exploit these issues to execute arbitrary code, obtain potentially sensitive information, launch phishing attacks or steal cookie-based authentication credentials, and deny service to legitimate users.

Directory Traversal Vulnerabilities in glFTPD

It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to determine the existence of files on a computer and also disclose arbitrary files. The issues arise due to insufficient sanitization of user-supplied data. By determining the presence of files in restricted directories and outside the server's root in addition to disclosing the contents of arbitrary files, the attacker can launch various attacks against a vulnerable computer.

Recent Exploits: