Thefacebook is affected by various cross-site scripting vulnerabilities. These vulnerabilities occur due to a failure to properly sanitize user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code. If a victim user follows this link, the malicious code can be executed in the web browser, potentially leading to the theft of authentication credentials or other attacks.
A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
The Aztek Forum is prone to multiple input validation vulnerabilities that allow an attacker to carry out cross-site scripting (XSS) and possibly other attacks. These vulnerabilities can be exploited by injecting malicious code into specific parameters.
The vulnerabilities in 04WebServer allow for cross-site scripting attacks and log injection due to improper input sanitization. An attacker can exploit these issues to execute arbitrary scripts on the affected server and inject arbitrary characters into log files, potentially leading to corruption.
Multiple remote vulnerabilities are reported to exist in WebCalendar. Multiple cross-site scripting vulnerabilities, an HTTP response splitting vulnerability, and two authentication bypass vulnerabilities are reported to exist in many different scripts in the affected application.
The vulnerabilities in the image handling functionality through the <IMG> tag can allow remote attackers to determine the existence of local files, cause a denial of service condition, and disclose passwords for Windows systems via file shares.
Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because, when handling 'res://' requests for local resources, Internet Explorer's behavior may reveal the existence of local files. An attacker may employ information harvested in this manner to aid in further attacks launched against a target computer.
602 LAN SUITE is prone to multiple remote denial of service vulnerabilities. The first vulnerability allows an attacker to consume CPU and memory resources on a target server due to a lack of sanity checking before memory allocation. The second vulnerability is related to the handling of telnet proxy requests, where the proxy does not perform sufficient sanity checks on the destination IP, allowing a remote attacker to exhaust all available sockets on the target computer.