It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running osCommerce. This may allow for theft of cookie-based authentication credentials and other attacks.
It has been reported that under some circumstances, the ActiveSync wcescomm service can be forced to crash. Due to improper handling of some requests, the wcescomm process becomes unstable. This can result in the process crashing, requiring a manual restart to resume service.
XOOPS has been reported vulnerable to an information disclosure vulnerability. According to the report, path information and other sensitive data may be output in server error messages. Information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.
An information disclosure vulnerability has been reported for WFChat. The vulnerability will result in the disclosure of authentication information to a remote attacker. Information obtained in this manner may allow the attacker to launch further attacks against a vulnerable system.
It has been reported that DCP-Portal does not sufficiently filter URI parameters supplied to the DCP-Portal 'calender' script. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running DCP-Portal. This may allow for theft of cookie-based authentication credentials and other attacks.
When handling certain download requests Siteframe may be lead into an error condition. When these errors occur, the script will output some path information. Information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.
A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit the vulnerability by creating a specially crafted URL that includes malicious HTML code as URI parameters for Basit's Search module. This may allow for theft of cookie-based authentication credentials and other attacks.
A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit the vulnerability by creating a specially crafted URL that includes malicious HTML code as URI parameters for Basit's Submit module. This may allow for theft of cookie-based authentication credentials and other attacks.
Mambo Site Server has been reported prone to a cross-site scripting vulnerability. It has been reported that certain user supplied URI parameters are not sufficiently sanitized by the Mambo Site Server. As a result of this deficiency an attacker may create a specially crafted URL that includes malicious HTML code passed to the index page used by Mambo Site server. This may allow for theft of cookie-based authentication credentials and other attacks.
It has been reported that authentication is not required to view user account information. As a result, an unauthorized remote attacker may be able to view potentially sensitive information. This may aid in launching further attacks against a target user or system.
Services By CQR