CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This issue may also allow remote file includes, although this has not been confirmed.
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import. Reportedly, supplying ',,,,, as the contents of the uploaded CSV file will make the SQL query in './citrusdb/tools/importcc.php' fail.
Brooky CubeCart is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to disclose arbitrary files and carry out cross-site scripting attacks. The application is reportedly susceptible to a remote directory traversal vulnerability. A malicious user could issue a request containing directory traversal strings such as '../' to possibly view files outside the server root directory in the context of the server. The application is also prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This may allow for theft of cookie-based authentication credentials or other attacks.
A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. An attacker may leverage this issue to gain access to potentially sensitive data, possibly facilitating further attacks against an affected computer.
Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. The issue presents itself when an HREF tag contains certain mouse events. This issue may be leveraged by an attacker to display false information in the status bar or URI property dialog of an affected browser, allowing an attacker to present web pages to unsuspecting users that seem to originate from a trusted location. This may facilitate phishing-style attacks; other attacks may also be possible.
MercuryBoard is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in SQL queries. The vulnerability is reported to affect the 'index.php' script.
602 Lan Suite 2004 is reportedly affected by a vulnerability regarding the uploading of file attachments. This issue is due to the application failing to properly sanitize the names of file attachments before upload. A malicious user could exploit this vulnerability using directory traversal attacks to upload a file to an arbitrary location accessible by the affected server. This vulnerability could lead to the execution of a malicious file on the server hosting the application.
Multiple remote vulnerabilities reportedly affect RealNetworks RealArcade. The first issue allows for arbitrary file deletion due to an input validation issue. The second issue is an integer overflow issue resulting in code execution. Both of these issues require an unsuspecting user to download and activate a malicious file for exploitation. Successful exploitation of these issues will facilitate code execution and file deletion with the privileges of an unsuspecting user that activates a malicious RealArcade file.
xGB is reportedly affected by a vulnerability that could permit unauthorized administrator access. This issue is due to the application failing to properly verify user credentials. A malicious user could exploit this vulnerability to bypass user authentication and gain administrative access.
PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input. It is reported that an attacker could leverage this vulnerability to view any thread of protected forums on an affected version of the application. All PHP-Fusion 4 versions are reportedly affected by this vulnerability; earlier versions may also be vulnerable.