UseModWiki is affected by a cross-site scripting vulnerability. The issue occurs due to a failure of the application to properly sanitize user-supplied URI input before outputting it in web pages. This vulnerability allows a remote attacker to create a malicious URI link that includes hostile HTML and script code. If the victim user follows this link, the hostile code may be rendered in their web browser, potentially leading to theft of cookie-based authentication credentials or other attacks.
Opera for Linux is susceptible to a remote command execution vulnerability. This issue is due to a default configuration setting in Opera that utilizes the KDE 'kfmclient' utility to open unknown content. Exploitation of this issue allows attacker-supplied commands to be executed in the context of the user running Opera.
UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web pages. These issues could permit a remote attacker to create malicious URI links that include hostile HTML and script code. If these links were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web pages. These vulnerabilities could permit a remote attacker to create malicious URI links that include hostile HTML and script code. If these links were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
SugarSales is affected by multiple vulnerabilities including an SQL injection vulnerability, a directory traversal vulnerability, and a remote denial of service and information disclosure vulnerability. The SQL injection vulnerability is caused by a lack of input validation, allowing attackers to inject malicious SQL queries. The directory traversal vulnerability is also due to a lack of input validation, enabling attackers to access files outside the intended directory. The remote denial of service and information disclosure vulnerability allows attackers to access sensitive information and cause a denial of service. To exploit these vulnerabilities, an attacker can log into SugarSales using the username 'admin' or '1=1 --' with any password. Additionally, sensitive files can be disclosed by accessing specific URLs.
A remote denial of service vulnerability affects Digital Illusions CE Codename Eagle. The issue is caused by a failure of the application to handle exceptional network data properly. An attacker can exploit this vulnerability to cause the application to stop responding to network-based messages, denying service to legitimate remote users. The network protocol used by the application allows the attacker to spoof their network identity, enabling anonymous exploitation.
phpMyAdmin is prone to multiple remote vulnerabilities that allow remote attackers to execute arbitrary commands and disclose files on a vulnerable computer. These vulnerabilities are caused by insufficient sanitization of user-supplied data.
The GameSpy SDK is prone to a buffer overflow vulnerability in its CD-key validation functionality. This vulnerability occurs due to a failure of the SDK to properly check the length of user-supplied network data before copying it to a fixed-size memory buffer. Exploiting this vulnerability may allow attackers to execute arbitrary machine code within the context of the affected GameSpy-developed game.
GNU wget is affected by vulnerabilities that allow directory traversal, arbitrary file overwriting, and execution of malicious code. They are caused by wget not properly sanitizing user-supplied input and not validating file presence before writing to files. An attacker can exploit these issues to overwrite files within the current directory and potentially outside of it, leading to file corruption, denial of service, and further attacks against the affected computer. The vulnerabilities can be exploited by a malicious server.
PhpGedView is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied URI input. A remote attacker can create a malicious URI link that includes hostile HTML and script code. If the link is followed, the hostile code may be rendered in the victim user's web browser, potentially allowing for theft of authentication credentials or other attacks.