Explore all Exploits:

@Mail Cross-Site Scripting Vulnerabilities

@Mail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Hosting Controller is prone to an SQL injection vulnerability

This issue allows a remote attacker to manipulate query structure and logic. It has been reported that the attacker may gain unauthorized access to sensitive information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query. One may input this string into the search box on the affected pages: 'or'1'='1'or'1'='1

Multiple SQL Injection Vulnerabilities in Dragonfly Commerce

Dragonfly Commerce is prone to multiple SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

McAfee IntruShield Security Management System Multiple Vulnerabilities

McAfee IntruShield Security Management System is susceptible to multiple vulnerabilities. The first two issues are cross-site scripting vulnerabilities in the 'intruvert/jsp/systemHealth/SystemEvent.jsp' script. These issues are due to a failure of the application to properly sanitize user-supplied data prior to utilizing it in dynamically generated HTML. The next two issues are authorization bypass vulnerabilities leading to information disclosure and the ability to acknowledge, de-acknowledge, and delete security alerts. These vulnerabilities require a valid user account in the affected application.

BisonFTP Denial of Service Vulnerability

BisonFTP is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users. Reports indicate that the issue may be exploited only after successful authentication. A malicious user can send an invalid buffer size to BisonFTPD, resulting in 100% CPU usage or a crash.

DUpaypal Pro Multiple SQL-Injection Vulnerabilities

DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

JBoss Remote Information Disclosure Vulnerability

JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data. Attackers can harvest information by leveraging this issue, which may aid in further attacks against the affected service.

FusionBB Multiple Vulnerabilities

FusionBB is vulnerable to a local file include vulnerability and multiple SQL injection vulnerabilities. The local file include vulnerability allows an attacker to execute arbitrary server-side script code with the privileges of the web server process. The SQL injection vulnerabilities can result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Linux Kernel ELF Core Dump Buffer Overflow Vulnerability

The Linux kernel is susceptible to a local buffer-overflow vulnerability when attempting to create ELF coredumps. This issue is due to an integer-overflow flaw that results in a kernel buffer overflow during a 'copy_from_user()' call. To exploit this vulnerability, a malicious user creates a malicious ELF executable designed to create a negative 'len' variable in 'elf_core_dump()'. Local users may exploit this vulnerability to execute arbitrary machine code in the context of the kernel, facilitating privilege escalation.

Advanced Guestbook SQL-injection Vulnerability

Advanced Guestbook is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Recent Exploits: