Explore Vulnerabilities

Explore all Exploits:

A4Desk Event Calendar SQL Injection Vulnerability

A4Desk Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

suPHP 'safe_mode' Restriction-Bypass Vulnerability

suPHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits may allow attackers to bypass arbitrary PHP configuration options, including the 'safe_mode' setting. This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

Symbian S60 Denial-of-Service Vulnerability

Symbian S60 is prone to a denial-of-service vulnerability. Attackers can exploit this issue to prevent users from sending or receiving SMS or MMS messages. This issue affects handsets using Symbian S60. The following example message is available: '123456789@123456789.1234567890123'

Audio File Library Heap-Based Buffer Overflow Vulnerability

Audio File Library ('libaudiofile') is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

MagpieRSS HTML-injection Vulnerability

MagpieRSS is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

PECL Alternative PHP Cache HTML-injection Vulnerability

PECL Alternative PHP Cache is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. A malicious user with local write access (such as an FTP user on shared hosting environments) may create two directories '</a><script>alert("XSS")</' and create a file named 'script>.php' in the latter directory, then access this file via HTTP.

Recent Exploits: