PhpGedView is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to this script that include hostile HTML and script code. If such a link were followed by a victim user, the attacker-supplied code would be rendered in the security context of the site hosting the software. This could be exploited to steal cookie-based authentication credentials. Other attacks are also possible.
PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require() paths for various external files. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.
FreznoShop is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to the software that include hostile HTML and script code. If such a link were followed by a victim user, the attacker-supplied code would be rendered in the security context of the site hosting the software. This could be exploited to steal cookie-based authentication credentials. Other attacks are also possible.
HotNews is prone to multiple file include vulnerabilities, which allow remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.
ASP-Nuke is vulnerable to an unauthorized access attack when user credentials are stored on the system. An attacker can gain access to sensitive information by accessing the main.mdb file located in the db directory.
ASPapp PortalApp is prone to an unauthorized access vulnerability due to the way user credentials are stored on the system. An attacker can exploit this vulnerability by accessing the data/8275.mdb file, which contains the user credentials, and gaining access to sensitive information.
The Athena Web Registration scripts are vulnerable to command injection attacks due to insufficient input validation. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which will then execute the injected command.
Surfnet is prone to a denial of service vulnerability via the CMD_CREDITCARD_CHARGE command. By issuing this command with malformed arguments, it is possible to crash the software. When the software crashes, it will drop the kiosk user into the underlying operating system.
Surfnet kiosks are prone to an authentication bypass vulnerability that allows users to double their time in kiosk accounts. This occurs when a user attempts to authenticate to the kiosk, causing their time to be doubled for each attempt.
xsok is prone to a locally exploitable buffer overrun vulnerability due to insufficient bounds checking of data supplied through the LANG environment variable. This could be exploited to execute arbitrary code with elevated privileges. The program is typically installed setgid games.