An SQL injection issue has been reported to affect OneOrZero Helpdesk. The error presents itself in a OneOrZero Helpdesk script that fails to sufficiently sanitize user-supplied input before including it in SQL queries. Successful exploitation could result in compromise of the OneOrZero Helpdesk site integrity.
A vulnerability has been reported for ArGoSoft Mail Server FreeWare version. The problem occurs due to the FreeWare version of ArGoSoft failing to carry out sufficient authentication before granting access to the user management interface. As a result, an unauthorized user may be capable of tampering with sensitive server settings or user information. Access to this interface may also allow for the disclosure of sensitive information such as usernames or passwords.
A vulnerability has been reported for PHP-Proxima. The problem occurs in the autohtml.php script. Specifically, the script fails to verify the contents of a user-supplied variable before including a specified file into an HTML file. As a result, a malicious remote user may be capable of using this as a channel to disclose the contents of arbitrary local system files.
It has been reported that PalmOS becomes unstable when flooded with ICMP ECHO_REQUEST traffic. A remote attacker can trigger a device lockup condition or cause the Palm OS device to lose network connectivity.
Inktomi Traffic Server is prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of input passed to the proxy, which will be echoed back in error pages under some circumstances. A malicious attacker could exploit this issue by creating a link which contains hostile HTML and script code and then enticing users of the proxy to visit the link. When the link is visited via the proxy, attacker-supplied script may be interpreted in the user's browser. Exploitation could permit HTML and script code to access properties of the domain that is requested through the proxy.
Owl has been reported prone to an authentication bypass vulnerability. The issue presents itself due to a lack of sufficient sanitization when checking the validity of usernames and passwords supplied to 'browse.php'. An attacker may exploit this condition to bypass the Owl authentication system.
A vulnerability has been reported in vBulletin 3.0.0 beta 2. The problem is said to occur due to insufficient sanitization of private messages. As a result, an attacker may be capable of embedding malicious HTML or script code within a private message. This code may be interpreted by a legitimate user when previewing the message.
The Web_Links module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in this manner to mount further attacks against the host. It should be noted that although PHP-Nuke version 6.x has been reported vulnerable, other versions might also be affected.
PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks.
It has been reported that a problem with Verilink broadband routers exists in the handling of TFTP packets. Because of this, an attacker could potentially deny service to legitimate users of the network.