It has been reported that eNdonesia is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a victim's browser. The issue reportedly exists in the mod.php script via the 'mod' URI parameter. Successful exploitation may allow an attacker to steal cookie-based credentials from a user. Other attacks are possible as well.
A vulnerability has been discovered in Tellurian TftpdNT that could allow a remote attacker to execute arbitrary code. The problem likely occurs due to insufficient bounds checking when handling user-supplied filenames. As a result, it may be possible for an attacker to corrupt internal process memory, ultimately allowing for the execution flow of the program to be controlled.
A vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code is not sanitized from a URI parameter passed to miniPortail. An attacker could exploit this issue to execute arbitrary HTML code in the browser of a remote user who follows a malicious link.
An SQL injection vulnerability has been reported in Attila PHP that could allow an attacker to gain unauthorized privileged access to a target site. This could be accomplished by requesting a URI including parameters designed to influence the results of specific user verification checks. Privileged access to a site implementing Attila PHP could allow an attacker to gain sensitive information or launch other attacks.
Monop (included in bsd-games) is prone to a locally exploitable buffer overrun vulnerability. This is due to insufficient bounds checking of player names. Monop is typically installed setgid games, so it is possible to exploit this issue to execute arbitrary code with these privileges.
A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the pass_done.php file included with Py-Membres. Because of this, a remote attacker may launch SQL injection attacks through the software.
Py-Membres is vulnerable to an unauthenticated administrative access vulnerability. By manipulating the URI parameters, an attacker can log into the system as an administrative user without the need for passwords.
A vulnerability has been reported in Netbula Anyboard that may allow a remote attacker to gain access to sensitive data. This problem is due to an information disclosure issue that can be triggered by an attacker sending specific HTTP requests to a vulnerable host. This will result in sensitive information about the system being revealed to the attacker.
A file include vulnerability has been reported in the nphpd.php module of newsPHP that may permit an attacker to include and execute malicious script code on a vulnerable host. The issue is reported to exist in the LangFile variable of nphpd.php module of the software. Successful exploitation may lead to execution of arbitrary code on a vulnerable system by a remote attacker.
A vulnerability is reported to exist in newPHP that may allow an attacker to gain access to a vulnerable host due to improper verification of authentication credentials. This issue may be exploited to gain access to sensitive data or perform other unauthorized actions. An attacker can send a malicious request to the vulnerable host with a fake username and a password of 'a', followed by a MD5 hash of '0cc175b9c0f1b6a831c399e269772661' and a value of '5' for the user index.
Services By CQR