It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database and alter information on articles posted on the site.
Advanced Poll is vulnerable to an information disclosure vulnerability. A remote user can access privileged information by accessing the info.php files located in the poll_dir/db/ and poll_dir/textfile/ directories. This information can be used to further attack the host and its users.
It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and gain unauthorized access to user accounts. An example of this exploit is provided in the text.
An input validation error exists in the banners.php file included with PHPNuke. An attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and potentially access sensitive information, then download it via the web.
A weakness has been reported in the encryption scheme used by ProtWare HTML Guardian. Specifically, the encryption scheme implemented obfuscates data using a simple bit shifting technique, making it trivial for attackers to reverse. Administrators may be relying on a false sense of security by implementing the protection supplied by HTML Guardian.
Simple Chat! does not restrict access to sensitive information by default, allowing an attacker to access the usr.dat file which contains sensitive information such as usernames and passwords.
A vulnerability has been reported in Planetmoon Guestbook, which allows remote users to retrieve clear text password lists. This is done by accessing the URL http://[somehost]/[gb_dir]/files/passwd.txt, which contains the clear text passwords.
ProSafe VPN Firewall devices are vulnerable to a buffer overflow attack when a maliciously crafted username and password is sent to the device. This can result in a crash and potential denial of service.
A vulnerability has been reported for eDonkey clients for Windows that will result in a denial of service condition. The vulnerability occurs when numerous chat dialog boxes are opened by the eDonkey or Overnet clients. Every open chat dialog box will consume a small amount of memory and CPU cycles. An attacker can exploit this vulnerability by connecting to a vulnerable eDonkey user and issuing numerous chat requests.
An issue has been discovered in Check Point FW-1 syslog daemon when attempting to process a malicious, remotely supplied, syslog message. Specifically, some messages containing escape sequences are not properly filtered out. This may result in unpredictable behaviour by the Check Point syslog daemon.
Services By CQR