SPChat has been reported prone to a remote file include vulnerability. The issue presents itself due to insufficient sanitization performed on the user-supplied URI variable 'statussess' by the SPChat module. It is possible for a remote attacker to include a malicious file in a URL.
WebChat does not adequately filter script code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the WebChat 'users.php' script. This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.
WebChat has been reported prone to a database username disclosure weakness. The issue presents itself when a malicious request is made for the WebChat 'users.php' page. An attacker may pass a guessed username as a specific URI parameter to the affected page. An attacker may exploit this weakness to enumerate database passwords.
A problem in Shoutbox may result in traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to the expanded.php script, and could allow the viewing of potentially sensitive files by attackers.
Webchat has been reported prone to a path disclosure weakness. Reportedly, an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances the request will trigger an exception, causing Webchat to display an error message that may contain sensitive path information.
Xmame is prone to a locally exploitable buffer overflow. This is due to insufficient bounds checking of the command line parameter used to specify language settings (--lang). Successful exploitation on some systems could result in execution of malicious instructions with elevated privileges.
Mod_gzip is reported prone to a stack overflow, format string vulnerability and a file corruption issue due to a predictable naming scheme for log files. Exploitation of these issues could result in execution of malicious instructions or corruption of critical or sensitive files. These issues reportedly only occur when the software is run in debug mode.
Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of input into the expanded.php script.
This vulnerability is reportedly caused by a lack of sufficient sanitization of user-supplied data contained in URI parameters supplied to WebStores2000. Successful exploitation may allow for modification of the structure of SQL queries, resulting in information disclosure, or database corruption.
A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link containing script code embedded within this variable. Successful exploitation of this issue would allow an attacker to execute arbitrary script code in a victim's browser within the context of the visited website. This may allow for the theft of sensitive information or other attacks.