An information disclosure vulnerability has been reported for TVCS. Reportedly, it is possible for an attacker to access the log files generated by TVCS. The log files contain very sensitive information about the system, including user names and passwords. Any information obtained in this manner may be used by an attacker to launch further destructive attacks against a system.
A denial of service vulnerability has been reported for Trend Micro TVCS. The vulnerability occurs when numerous requests for 'activesupport.exe' are made. This will cause the web server to stop responding to requests for a limited period of time. Repeated requests will cause a denial of service for an indefinite period of time.
Trend Micro OfficeScan is vulnerable to a directory traversal attack, allowing an attacker to access programs residing in the cgi directory of the OfficeScan installation. This can be exploited by sending a specially crafted HTTP request to the cgiMasterPwd.exe script, which is located in the cgi directory.
Psunami Bulletin Board is prone to a remote command execution vulnerability. Psunami does not sufficiently sanitize shell metacharacters from query string parameters. As a result, it may be possible for a remote attacker to execute arbitrary commands in the context of the webserver process.
A vulnerability has been discovered in vSignup. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view protected web pages. An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.
A vulnerability has been discovered in vAuthenticate. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view protected web pages. An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.
Geeklog is prone to HTML injection attacks. The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script code into this field. When the malicious user's account information is displayed to other web users, the attacker-supplied code will be interpreted in their web client in the security context of the site hosting the vulnerable software.
Geeklog is prone to a cross-site scripting vulnerability in the 'comment.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code. When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client.
The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site hosting Geeklog, which contains malicious HTML or script code. When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client.