PHP is prone to a command execution vulnerability in its shell escape functions due to a failure to properly sanitize function arguments. This vulnerability allows an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server, potentially leading to unauthorized access.
A vulnerability in cPanel allows a remote authenticated administrator to delete customer account DNS information for customers not under their administration. By exploiting this vulnerability, an attacker can cause a denial of service (DoS) condition on vulnerable websites. The attack can be carried out by sending a specially crafted HTTP request to the vulnerable URL: http://www.example.com:2086/scripts/killacct?domain=(domain)&user=(user)&submit-domain=Terminate
An unprivileged user can recover the administrative password for the FoolProof application by manipulating the password recovery algorithm. This allows the attacker to gain unauthorized administrative access to the application.
Colin McRae Rally 2004 has a flaw in handling server responses when entering the multiplayer menu. An attacker can mimic a server and send an invalid response to crash the client game, denying service to legitimate users.
CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help.
The Mail Manage EX application is prone to a remote file include vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied data. A remote attacker can exploit this issue by including arbitrary PHP files located on remote servers.
The vulnerability allows an attacker to inject malicious HTML code into the 'from' field of the email header, potentially leading to unauthorized access to the user's cookie-based authentication credentials and disclosure of personal email. Other attacks are also possible.
PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue will allow an attacker to gain access to sensitive scripts such as the 'admin.php' script. The attacker may be able to exploit this unauthorized access to carry out attacks against the affected application.
A remote buffer-overrun vulnerability in Firebird allows a remote attacker to execute attacker-supplied code in the context of the affected software. The vulnerability occurs due to insufficient boundary checks when handling database names in the database server.
TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will allow an attacker to download or view scripts residing in the 'cgi-bin' directory.