PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly santize user-supplied input. The application is prone to multiple cross-site scripting, HTTP injection, SQL injection and directory traversal vulnerabilities.
PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to multiple cross-site scripting, HTTP injection, SQL injection, and directory traversal vulnerabilities.
Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
XMB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. A successful exploit could allow an attacker to steal cookie-based authentication credentials and launch other attacks.
OSTE is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
The vulnerability allows an attacker to access a victim user's voicemail and any .wav/.WAV files on the affected system by exploiting a failure in the application's verification of user-supplied input.
The Ocean12 ASP Calendar Manager is prone to an authentication bypass vulnerability due to an access validation error in the application. This allows an attacker to gain access to restricted data.
Exploit allows for remote root shell access on PCMan FTP Server v2.0.7 using the USER command. Discovered and reported in June 2013 by Jacob Holcomb/Gimppy, a Security Analyst at Independent Security Evaluators. The exploit is available at http://infosec42.blogspot.com/. The vulnerability is a buffer overflow in the PCMan FTP Server v2.0.7 software, which listens on TCP/21. Only the USER command was tested, and the CVE is pending.
JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.