It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shell metacharacters via the 'count' parameter of php-ping.php script. Exploitation would permit a remote attacker to execute arbitrary commands with the privileges of the web server hosting the vulnerable software.
Private Message System is prone to a cross-site scripting vulnerability. This issue may be exploited by creating a malicious link to a site hosting the software with hostile HTML and script code embedded in URI parameters. If the link is followed, the attacker-supplied code may be rendered in the victim user's browser. Possible consequences of exploitation include theft of cookie-based authentication credentials or using the issue as an attack vector to exploit latent web browser security flaws.
Multiple cross-site scripting vulnerabilities have been reported in L-Soft Listserv. An attacker may exploit these issues by embedding hostile HTML and script code in a link to a site hosting the software. This could permit theft of cookie-based authentication credentials or other attacks. These issues could also provide an attack vector for latent vulnerabilities in web browser software.
A vulnerability has been reported to exist in the Survey module of PHP-Nuke that may allow a remote attacker to inject malicious SQL syntax into database queries. The source of this issue is insufficient sanitization of user-supplied input. A malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database.
It has been reported that Surfboard httpd is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The issue presents itself when an attacker sends a specially crafted URL request with more than 1024 characters to the server daemon.
It has been reported that GNU Indent may be prone to a local heap overflow vulnerability that can be exploited through a malicious C source input file. It has been reported that indent copies data from the file to a 1000 byte long buffer without sufficient boundary checking. A heap overflow condition can be triggered, which may result in memory being overwritten and, ultimately, malicious code execution with the privileges of the user running indent.
It has been reported that Psychoblogger may be prone to multiple cross-site scripting vulnerabilities that may allow a remote attacker to execute HTML or script code in a user's browser. The issues are reported to exist in the 'imageview.php', 'entryadmin.php', 'authoredit.php', 'blockedit.php', 'configadmin.php' and 'quoteedit.php' scripts. These vulnerabilities result from insufficient sanitization of user-supplied data passed via vulnerable parameters.
Webfroot Shoutbox is prone to a cross-site scripting vulnerability in the 'viewshoutbox.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This input will be included in dynamically generated web pages. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script. The attacker-supplied code will be interpreted in the context of the site hosting the vulnerable software.
my little forum is prone to a cross-site scripting vulnerability in the 'email.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via the URI parameters. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script.
It has been reported that Xlight FTP Server is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The issue presents itself when an attacker sends a specially crafted PASS command request containing an excessively long string value to the vulnerable server.
Services By CQR