DCP-Portal is prone to multiple cross-site scripting vulnerabilities. The vulnerabilities exist because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI that contains arbitrary script code. The attacker-supplied script code may execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and launch other attacks.
The BlackBoard Internet Newsboard System is prone to a remote file include vulnerability. This vulnerability allows an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer. The issue arises due to the application's failure to properly sanitize user-supplied data.
A vulnerability is reported to present itself in the array parsing functions of the 'php_variables.c' PHP source file. The vulnerability occurs when a PHP script is used to print URI parameters or data supplied by a third party into a dynamically generated web page. It is reported that the vulnerable function does not strip certain characters from the user-supplied data; this may ultimately be harnessed to manipulate the parsing function into returning regions of process memory to the attacker.
PHPLinks is reported prone to multiple input validation vulnerabilities. A file include vulnerability is reported to affect the 'index.php' script. This may allow an attacker to include and execute arbitrary PHP scripts. Code execution will occur in the context of the web server process that is hosting the vulnerable script. SQL injection issues are reported to exist in the application as well. Due to this, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries.
Macromedia ColdFusion MX is affected by a privilege escalation vulnerability when handling templates. This vulnerability allows a user to perform actions with administrator privileges, potentially leading to unauthorized access and control of the affected system.
The vulnerabilities arise due to insufficient sanitization of user-supplied data. A remote attacker can exploit these vulnerabilities by injecting SQL queries, executing malicious scripts, and manipulating HTTP responses.
ParaChat is susceptible to a directory traversal vulnerability. This issue allows remote attackers to retrieve the contents of arbitrary files located on the serving computer with the credentials of the ParaChat server process.
A vulnerability is reported to exist in the @lexPHPTeam @lex Guestbook software that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. The issue exists due to improper validation of user-supplied data. Remote attackers could potentially exploit this issue via a vulnerable variable to include a remote malicious PHP script, which will be executed in the context of the web server hosting the vulnerable software.
Multiple vendor implementations of the TCP stack are reported prone to a remote denial-of-service vulnerability. The issue is reported to present itself due to inefficiencies present when handling fragmented TCP packets. A remote attacker may exploit this vulnerability to deny service to an affected computer.