Explore all Exploits:

Zilab Chat and Instant Messaging (ZIM) Server Multiple Vulnerabilities

Zilab Chat and Instant Messaging (ZIM) Server is prone to multiple vulnerabilities, including denial-of-service issues and memory-corruption issues. A successful exploit may allow remote attackers to execute arbitrary code in the context of the affected software and/or cause denial-of-service conditions.

XOOPS ‘prayerlist’ module SQL Injection Vulnerability

XOOPS 'prayerlist' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SQL Injection in PHP-Nuke Downloads Module

The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application, for example a specially crafted URL such as http://www.example.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-00000%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/3333,aid/**/from%2F%2A%2A%2Fnuke_authors/*where%20admin%201%200%202 or http://www.example.com/modules.php?name=Downloads&d_op=viewsdownload&sid=-00000%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/3333,pwd/**/from%2F%2A%2A%2Fnuke_authors/*where%20admin%201%200%202. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Tiny Event SQL Injection Vulnerability

Tiny Event is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Classifieds module for PHP-Nuke SQL-injection Vulnerability

The Classifieds module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Joomla! and Mambo Referenzen Component SQL Injection Vulnerability

The Joomla! and Mambo Referenzen component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IBM Lotus Quickr Cross-Site Scripting Vulnerability

IBM Lotus Quickr is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Aeries Student Information System Multiple Input Validation Vulnerabilities

Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Joomla! and Mambo ‘com_asortyment’ Component SQL Injection Vulnerability

The Joomla! and Mambo 'com_asortyment' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Joomla! and Mambo ‘com_most’ Component SQL Injection Vulnerability

The Joomla! and Mambo 'com_most' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability by sending the vulnerable server a specially crafted HTTP request that contains malicious SQL statements in the 'secid' parameter.
