Autonomy Ultraseek is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks.
Sun Java System Access Manager and Identity Manager are prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.
NewsCMSLite is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.
OpenX is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
Lootan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ConPresso CMS is prone to multiple remote vulnerabilities, including cross-site scripting, cross-domain scripting, and session-fixation vulnerabilities. An attacker can exploit these issues to execute arbitrary script code within the context of the affected browser or within the context of another frame, steal cookie-based authentication credentials, hijack a user's session, and gain unauthorized access to the affected application. Other attacks are also possible.
LDF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
A local attacker may be able to exploit this issue to bypass access control restrictions and make unintended system calls, which may result in an elevation of privileges.
OBLOG is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will cause the affected application to crash, effectively denying service to legitimate users. Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application: '26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'