This exploit is a denial of service attack against Media Center 11.0.309, J. River UPnP Server Version 1.0.34, and the TiVo server plugin. Upon successful exploitation, a buffer overrun error will be displayed. The exploit corrupts the program's internal state, preventing legitimate users from using the service.
Cross-site scripting vulnerabilities have been reported in the Calendar, PageMaster, Search and Fatcat modules of PHP Website that allow an attacker to create a link containing malicious script code that may be rendered in a user's browser when the link is followed. This would occur in the security context of the site running PHP Website.
Multiple SQL injection vulnerabilities have been reported in PHP Website. These issues may be exploited by sending a malicious request to the calendar script. Possible consequences of exploitation include compromise of the site and disclosure of sensitive information.
A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. This vulnerability allows an attacker to execute HTML and script code in the browsers of target users in the security context of the site hosting the vulnerable script.
Better Basket Pro (BBPro) Store Builder is vulnerable to path disclosure. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This will result in the disclosure of the server's path information.
Stellar Docs will disclose path information in an error page in response to an invalid request for a web resource. This could disclose information that could be useful in further attacks against the system. It should be noted that the error output indicates that a database function has failed, which may be due to a more serious issue, such as SQL injection.
DCForum+ is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code in the subject field of posts to the bulletin board. This is because the script that processes posts does not sufficiently sanitize user input, allowing attackers to embed HTML and script commands within the post. This code may be rendered in the web browser of a user who views these areas of the site. This would occur in the security context of the site hosting DCForum+.
It has been reported that any valid username or account can be used in conjunction with a null password to access the MDaemon SMTP server. This issue may be exacerbated because a default MDaemon account 'MDaemon' is well known.
Invision Power Board is prone to a cross-site scripting vulnerability due to a lack of sufficient sanitization performed by functions in an Invision Power Board script on user-influenced URI parameters. A remote attacker can construct a malicious link to the affected script hosted on a remote site, and supply arbitrary HTML code as a value for a URI parameter. If this link is followed, the content of the URI parameter will be rendered in the browser of the user who followed the link.
Passing invalid data as URI parameters to geeeekShop scripts will cause an error message to be displayed, which contains installation path information. Additionally, it has been reported that a remote attacker may access site configuration scripts, which may lead to the disclosure of potentially sensitive information.