Explore Vulnerabilities

Explore all Exploits:

IA WebMail Server Remote Buffer Overrun

IA WebMail Server is said to be prone to a remote buffer overrun that could allow an attacker to execute arbitrary code. The problem occurs due to insufficient bounds checking when handling GET requests. As a result, an attacker may be capable of overrunning the bounds of an internal memory buffer and effectively control the flow of execution.

PHPKIT Cross-Site Scripting Vulnerability

PHPKIT is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software. The issue exists in the 'include.php' script. An attacker could exploit this issue by enticing a user to follow a malicious link. This could theoretically allow for theft of cookie-based authentication credentials or other attacks.

MPM Guestbook Cross-Site Scripting Vulnerability

MPM Guestbook is reported to be prone to a cross-site scripting vulnerability due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software. An attacker could exploit this issue by enticing a user to follow a malicious link. This could theoretically allow for theft of cookie-based authentication credentials or other attacks.

Web Wiz Forum Unauthorized Access Vulnerability

A vulnerability has been reported in Web Wiz Forum that could allow unauthorized access to private forums. The problem occurs when handling malformed requests that make use of 'quote' mode. When this mode is used, Web Wiz Forum will allegedly fail to carry out sufficient checks between the requested forum and message. As a result, an attacker could potentially read or write to a private forum.

Sympoll Cross-Site Scripting Vulnerability

It has been reported that Sympoll is prone to a cross-site scripting vulnerability. The issue is reported to exist due to insufficient sanitization of user-supplied data through the 'vo' parameter. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.

Nullsoft SHOUTcast Server Memory Corruption Vulnerability

Nullsoft SHOUTcast Server is prone to a memory corruption vulnerability that may lead to denial of service attacks or code execution. This is due to insufficient bounds checking of server commands supplied by authenticated users, specifically icy-name and icy-url. This issue was reported in SHOUTcast 1.9.2 on Windows platforms. Other versions and platforms may also be affected.

DATEV Nutzungskontrolle Access Validation Issue

It has been reported that DATEV Nutzungskontrolle may be prone to an access validation issue that may allow a local attacker to gain access to sensitive data. The issue arises because a local user is able to modify certain keys in the Windows registry, bypassing the security model of the software. This issue would not present itself if the registry keys were set to read only. Successful exploitation of this issue may allow an attacker to gain access to sensitive data that could be used to launch further attacks against the system.

HTTP Commander Directory Traversal Vulnerability

HTTP Commander is prone to a directory traversal vulnerability, which allows a remote attacker to traverse outside the server root directory by using '../' character sequences. Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information, which may be used to mount further attacks against a vulnerable system. HTTP Commander version 4.0 is reported to be prone to this issue; however, other versions may be affected as well.

Mldonkey Web Interface Cross-Site Scripting Vulnerability

It has been reported that the Mldonkey web interface is prone to cross-site scripting attacks when reporting errors. The problem occurs due to insufficient sanitization of script code within requests. This could potentially allow an attacker to carry out a variety of attacks on a user.

Tritanium Bulletin Board Access Validation Error

It has been reported that Tritanium Bulletin Board may be prone to an access validation error that may allow a remote attacker to gain unauthorized access to threads. A remote attacker may be able to access sensitive data by modifying the URL and supplying values for the thread_id, forum_id, and sid parameters.
