The vulnerabilities in SugarCRM are caused by insufficient sanitization of user-supplied input. An attacker can exploit these issues to perform various attacks including cross-site scripting, HTML injection, SQL injection, and directory traversal attacks.
The 'submit URI link' function in NuKed-Klan is prone to an HTML injection vulnerability. This is due to a lack of input validation on the 'website name' input field of the form. Attackers can exploit this vulnerability to manipulate web content or steal cookie-based authentication credentials. They can also perform arbitrary actions as the victim user.
A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet.
The cross-site scripting issue is present in a parameter of the 'popup.php' script. An attacker can exploit this issue by creating a malicious link containing HTML and script code and sending this link to a vulnerable user. This can allow for theft of cookie-based authentication credentials and other attacks. An SQL injection issue exists in the application as well. This issue affects a parameter of the 'print.php' script. Due to this, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries.
The Halo game client is prone to a remote denial of service vulnerability. When using the in-game browser to view a server list, a malicious reply from a server can crash the affected client.
The ZyXEL Prestige router series is prone to an access validation vulnerability. The vulnerability allows remote attackers to reset the router's configuration by accessing a specific configuration page of the ZyXEL Prestige HTTP-based remote administration service.
A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
The Opera Web Browser Java implementation has multiple remote vulnerabilities due to its insecure proprietary design. An attacker can craft a Java applet that violates Sun's Java secure programming guidelines. These vulnerabilities can be leveraged to carry out various attacks, including sensitive information disclosure and denial of service attacks. Successful exploitation would occur with the privileges of the user running the affected browser application.
The vulnerabilities in the Opera Web Browser Java implementation allow an attacker to craft a Java applet that violates Sun's Java secure programming guidelines. These vulnerabilities can be exploited to carry out various attacks, including sensitive information disclosure and denial of service attacks. Successful exploitation would occur with the privileges of the user running the affected browser application.
A local user can exploit the Altiris Deployment Solution Client interface to escalate privileges.