It has been reported that an HTML injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem may allow a remote attacker to inject malicious HTML and script code into the website, which may lead to cookie-based credential theft.
A file include vulnerability has been reported in the htmltags.php module of HolaCMS. This problem may allow an attacker to access potentially sensitive information reserved for administration. It has also been reported that some files included via exploitation may allow for information to be edited. It is not known if this may also be exploited to include remote files. If this is the case, this issue could also lead to remote command execution.
Clickcess ChitChat.NET discussion forum software is vulnerable to HTML injection. An attacker can inject malicious HTML and script code into the website by entering malicious code into the Name and Topic Title text boxes. This vulnerability may lead to cookie-based credential theft.
Xoops BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of Xoops where BBCode is rendered. This issue is due to a lack of sufficient sanitization performed on user supplied BBCode tags. Injected code may be rendered in the web browser of a user who views vulnerable areas of the site. This would occur in the security context of the site hosting Xoops and its related modules.
SurgeLDAP is vulnerable to Cross-Site Scripting attacks, allowing remote attackers to inject malicious HTML and script code into the user's browser when a malicious link is visited. This issue exists in the web server component of SurgeLDAP.
SurgeLDAP is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing an HTTP GET request for an invalid resource.
A vulnerability has been reported in the dlopen() function contained in the PHP source. The issue occurs when PHP is used in conjunction with the Apache web server. A local attacker may exploit this issue to gain unauthorized access to potentially sensitive information.
It has been reported that a cross-site scripting issue exists in the search utility of the software. It is possible that an attacker may create a malicious link containing script code that could be executed in a user's browser. The successful exploitation of this issue might allow an attacker to steal cookie-based credentials from a vulnerable host.
HostAdmin is prone to a path disclosure vulnerability. Passing invalid data to the HostAdmin site will cause an error message to be displayed, which contains installation path information.
A problem has been identified in the RSVP Server for Microsoft Windows 2000 that may allow an attacker to hijack management of the network. This could allow an attacker control of network Quality of Service.