XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize the user-supplied username and password values before including them in SQL queries. This could permit remote attackers to pass malicious input to database queries. If an attacker enters 'or' as the username and password, they can gain admin access to the password protected administrative pages.
Multiple vulnerabilities have been reported to exist in the software that may allow an attacker to carry out attacks against the database, disclose sensitive information, and execute HTML or script code in a user's browser. The issues include SQL injection, cross-site scripting, HTML injection, and information disclosure.
The e-GAP appliance is vulnerable to source code disclosure when it handles unexpected HTTP requests. An attacker can send a TRACE request to the appliance and view the source code of the login script.
It has been reported that RapidCache may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory using '../' character sequences.
It has been reported that RapidCache server may be prone to a denial of service vulnerability that may allow an attacker to cause the server to crash or hang. The issue presents itself when an attacker sends an excessively large string value to the server via the 'Host' argument through an HTTP GET request.
WWW File Share Pro has been reported to be prone to multiple remote vulnerabilities. The first reported issue is that a remote attacker may employ the 'upload' functionality of the vulnerable software to overwrite arbitrary files that are writable by the WWW File Share Pro process. The second reported issue may allow a remote user to deny service to the affected software. It has been reported that if WWW File Share Pro handles a POST request that contains excessive data, it will consume system resources and leave the affected system unresponsive.
It has been reported that FTPServer/X may be prone to a remote format string vulnerability when processing a malicious request from a client. The vulnerability presents itself when the server receives a malicious request containing embedded format string specifiers from a remote client when supplying a username during FTP authentication. This could be exploited to crash the server but could also theoretically permit corruption/disclosure of memory contents and execution of arbitrary code.
It has been reported that it may be possible for attackers to remotely delete security associations (SAs) in hosts running the KAME IKE daemon Racoon.
An integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers to read kernel memory from a non-privileged userspace process. The vulnerability specifically exists due to an integer overflow in /usr/src/uts/common/syscall/systeminfo.c.
VisualShapers ezContents is vulnerable to a Remote File Inclusion vulnerability due to a lack of proper input validation. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a victim. If the victim visits the malicious URL, the attacker's malicious code will be executed on the vulnerable system.
It has been reported that WWW File Share Pro HTTP server may be prone to a remote denial of service condition. Successful exploitation of this vulnerability may allow a remote attacker to cause the vulnerable server to crash or hang, effectively denying service to legitimate users. WWW File Share Pro versions 2.46 and prior may be prone to this issue. Update: This vulnerability was originally fixed in WWW File Share Pro version 2.48; however, a new report suggests that version 2.60 is vulnerable to a similar attack. This has not been confirmed at the moment, but version 2.60 is being added as a vulnerable version.