News Evolution is a freely available, open source news software package. It is written in PHP, and designed for use on Unix and Linux operating systems. The problem occurs in the aff_news.php file. By loading this file, and defining the chemin variable to an arbitrary location, commands can be executed on the local host. This vulnerability may also be used to reveal sensitive information on the local host. This same vulnerability also occurs in the export_news.php file.
A remote file include vulnerability exists in Joomla Mosets Tree <= 1.0. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted request to the vulnerable application.
FreeNews is a freely available, open source News software package written in PHP, and designed for use on Unix and Linux operating systems. Programming errors in FreeNews could lead to the inclusion of arbitrary files on remote servers in the web application. It is possible for a remote user to place commands in these include files that could result in execution on the local host, making remote arbitrary command execution as the web user possible.
The ext.dll ISAPI does not sufficiently sanitize user-supplied input when processing search queries, which may allow an attacker to create a custom URL containing script code that, when viewed in a browser by a legitimate user, will result in the execution of the script code.
Web Server Creator Web Portal is vulnerable to a Remote File Inclusion vulnerability, which allows attackers to include arbitrary files from a remote server. This is possible due to the influence of the include path for the customize.php and index.php scripts. An attacker can cause an arbitrary PHP script to be included from an attacker-supplied source, which may result in execution of commands with the privileges of the webserver.
phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Script code would be executed in the security context of the phpBB site. Supplied script code may access authentication credentials, or take actions as an authenticated user.
Due to insufficient sanitization of user supplied values, it is possible to exploit a vulnerability in VBulletin. By passing an invalid value to a variable located in 'members2.php', it is possible to generate an error page which will include attacker-supplied HTML code which will be executed in a legitimate users browser. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may use cookie-based authentication credentials to hijack the session of the legitimate user.
Several cross site scripting vulnerabilities have been reported for PHP-Nuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the web-based forum. Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.
A remotely exploitable heap corruption vulnerability has been reported for WSMP3. Due to insufficient bounds checking of user-supplied input, it is possible for a remote attacker to corrupt heap memory. By corrupting allocated memory headers, it is possible to redirect program flow when the free() function is called. Successful exploitation of this issue may result in remote execution of arbitrary code with root privileges.
A remotely exploitable heap corruption vulnerability has been reported for WSMP3. Due to insufficient bounds checking of user-supplied input, it is possible for a remote attacker to corrupt heap memory. By corrupting allocated memory headers, it is possible to redirect program flow when the free() function is called. Successful exploitation of this issue may result in remote execution of arbitrary code with root privileges.
Services By CQR