phpFaber CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Intellicom 'NetBiterConfig.exe' is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Ruby on Rails is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, or delete certain data. Other attacks are also possible. This exploit creates a user account with administrative rights by exploiting the CSRF vulnerability in Redmine <= 0.8.6. The exploit code includes a form with hidden fields that contain the user's login, firstname, lastname, email, password, and admin status. The exploit also includes a script that submits the form when the page is loaded.
Million Pixel Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Attackers could exploit these issues to steal cookie-based authentication credentials, perform unauthorized actions, or bypass certain security restrictions. Other attacks are also possible. Some of these vulnerabilities may be documented in BID 33177 (Oracle January 2009 Critical Patch Update Multiple Vulnerabilities). Reportedly, the HTML-injection and some authentication-bypass vulnerabilities were addressed in the Oracle January 2009 Critical Patch Update.
MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions. An attacker can exploit these issues to crash the application, denying access to legitimate users.
ZeeJobsite is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. Exploits may allow attackers to execute arbitrary code with kernel-level privileges and launch other attacks. Successful exploits will result in the complete compromise of affected computers.
The Joomla! You!Hostit! template is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Warp5 component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Services By CQR