Explore all Exploits:

Dark Age of Camelot Encryption Key Signing Vulnerability

An encryption key signing vulnerability has been reported to exist in Dark Age of Camelot. This issue is due to a design error in the application that carries out encryption without having the encryption key signed or verified by the affected server. This issue may allow an attacker to carry out man-in-the-middle attacks against a vulnerable system. Successful exploitation may allow an attacker to gain access to sensitive information transmitted between the client and the game server.

ReGet Directory Traversal Vulnerability

It has been reported that ReGet may be prone to a directory traversal vulnerability that may allow remote attackers to upload files to arbitrary locations on a target system. The attacker may supply encoded directory traversal sequences in the URI parameter so that the requested file is saved outside of the default download directory specified by the user.

MS-Analysis Module Remote SQL Injection Vulnerability

The MS-Analysis module is prone to a remote SQL injection vulnerability due to a failure to properly sanitize user-supplied HTTP header input before using it in an SQL query. This could allow an attacker to influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.

MS-Analysis Multiple Cross-Site Scripting Vulnerabilities

It has been reported that MS-Analysis is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI parameters. These issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

SQL Injection Vulnerability in Top Site List

It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The issue exists due to insufficient sanitizing of the 'id' URI parameter when using the 'comments' feature in the 'index.php' script.

Multiple Vulnerabilities in phpBB

It has been reported that phpBB may be prone to multiple vulnerabilities that could allow an attacker to carry out SQL injection and cross-site scripting attacks. These vulnerabilities result from insufficient sanitization of user-supplied input via the 'id' parameter of the 'admin_smilies.php' module and the 'style_id' parameter of the 'admin_styles' module.

Member Management System Cross-Site Scripting Vulnerability

It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of the 'error.asp' script and the 'register.asp' script. In the register form: '><iframe src=http://www.example.com/admin/user_del.asp?ID=[ID to delete]>

Member Management System SQL Injection Vulnerability

It has been reported that Member Management System may be prone to an SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The problem is reported to exist in the 'ID' parameter contained within the 'resend.asp' and 'news_view.asp' scripts.
