The rxgoogle.cgi search script is prone to a cross-site scripting vulnerability because the software fails to sanitize user input and allows various metacharacters that may facilitate cross-site scripting attacks. An attacker may leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
It has been reported that ReviewPost PHP Pro may be prone to multiple SQL injection vulnerabilities that may allow an attacker to influence SQL query logic. This issue could be exploited to disclose sensitive information that may be used to gain unauthorized access. An attacker may pass malicious data via the 'product' parameter of 'showproduct.php' script and the 'cat' parameter of 'showcat.php' script.
It has been reported that the issue presents itself due to a failure by Internet Explorer to remove JavaScript URIs from the browser history list in some circumstances. A JavaScript specific JavaScript URI, can be embedded in the Browser history list and further employed by an attacker to have JavaScript code executed in the context of the Local Machine security zone.
Chaser has been reported to be prone to a denial of service vulnerability. This issue is caused by a lack of input validation of a size parameter specified in UDP network communication packets. The process will attempt to read the amount of data specified by the packet, without regard to the amount of memory allocated. This will cause an attempt by the application to dereference unallocated memory, producing an exception and causing the process to crash.
phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be exploited by providing directory traversal sequences as an argument for a specific URI parameter.
X-Cart is vulnerable to an information disclosure issue due to a failure of the application to sanitize values specified by parameters in the URI. This issue has been reported to affect the 'auth.php' and 'general.php' scripts. By setting the 'mode' URI parameter to request information on the current PHP and Perl software versions, attackers can gain access to sensitive system details. Additionally, the 'config[General][shop_closed]' and 'shop_closed_file' parameters can be set to view any web server readable files on the affected system.
X-Cart is vulnerable to a Remote Command Execution vulnerability due to a failure to sanitize values specified by parameters in the URI. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, containing a maliciously crafted parameter in the URI. This will allow the attacker to execute arbitrary commands on the affected system.
A problem has been identified in the handling of specific types of traffic by Cisco 6000, 6500, and 7600 routers with the MSFC2 device. Because of this, an attacker could potentially crash a vulnerable system. The Cisco Global Exploiter is a Perl script that can be used to exploit multiple vulnerabilities in Cisco routers and switches. The script can be used to exploit vulnerabilities such as Cisco 677/678 Telnet Buffer Overflow Vulnerability, Cisco IOS Router Denial of Service Vulnerability, Cisco IOS HTTP Auth Vulnerability, Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability, Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability, Cisco 675 Web Administration Denial of Service Vulnerability, Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerabiliy, Cisco IOS Interface Blocking Vulnerability, Cisco IOS HTTP Denial of Service Vulnerability, Cisco IOS HTTP Authorization Vulnerability, Cisco IOS HTTP Configuration Arbitrary Access Vulnerability, Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability, Cisco Catalyst Memory Leak Vulnerability, and Cisco IOS Software Authentication Bypass Vulnerability.
The showcode.asp script activated in Sample_showcode.html may be vulnerable to a directory traversal issue. A remote attacker may view any files readable by the web server using '../' escape sequences in URI requests.
The 0verkill game client has been reported prone to multiple instances of exploitable buffer overrun vulnerabilities. The functions that have been reported to be affected are load_cfg(), save_cfg() and send_message(). It has been reported that due to a lack of sufficient boundary checks performed on user supplied data, an attacker may exploit the issues to execute arbitrary instructions in the security context of the Overkill game client.
Services By CQR