
Explore Vulnerabilities


Explore all Exploits:

Command Execution Vulnerability in Webmin / Usermin

Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is due to a failure to sanitize HTML email messages and may allow an attacker to execute arbitrary commands on a vulnerable computer.

Keene Digital Media Server Multiple Cross-Site Scripting Vulnerabilities

The Keene Digital Media Server is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities exist in multiple scripts and are caused by a lack of proper input sanitization. An attacker can exploit these vulnerabilities by tricking a user into clicking on a malicious link. Successful exploitation could result in the theft of authentication credentials or other malicious activities.

Ipswitch WhatsUp Gold Remote Buffer Overflow

The Ipswitch WhatsUp Gold web interface is prone to a remotely exploitable buffer overflow vulnerability. This may be exploited by authenticated users of the interface to execute arbitrary code in the context of the program.

QNX PPPoEd Privilege Escalation Vulnerability

QNX PPPoEd is prone to a vulnerability that allows an attacker to gain elevated privileges on a vulnerable host. The issue occurs due to a problem in the handling of paths to external executables used by PPPoEd. By exploiting this vulnerability, an attacker can execute arbitrary commands with elevated privileges.

QNX PPPoEd Local Buffer Overflow Vulnerability

QNX PPPoEd is prone to multiple local buffer overflow vulnerabilities. The issues occur when handling certain command line arguments greater than 256 bytes in length. By corrupting crucial variables, an attacker can control program execution flow and execute arbitrary instructions in the context of the superuser.

Cross-Site Scripting Vulnerability in CuteNews

CuteNews is affected by a cross-site scripting vulnerability due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can create a malicious URI link that includes hostile HTML and script code. If the link is followed, the code may be rendered in the victim user's web browser, allowing for theft of authentication credentials or other attacks.

Authentication Bypass Vulnerability in MailWorks Professional

MailWorks Professional is prone to an authentication bypass vulnerability. The application uses cookies to store variables that determine the status of the authentication process. An attacker browsing the web application using specially crafted cookie data is able to bypass the authentication process to access the site as an administrative user. This vulnerability allows a remote attacker to gain administrative access to the affected application.

WiFilet v1.2 iPad iPhone – Multiple Web Vulnerabilities

A local file include and arbitrary file upload web vulnerability via the POST request method has been detected in the mobile WiFilet v1.2 app for the Apple iPad and iPhone. The vulnerability allows remote attackers to use the POST method to inject local app webserver folders in order to request unauthorized local webserver files. The main vulnerability is located in the upload file script of the webserver (http://192.168.0.10:9999/) when it processes a manipulated filename sent via the POST request method. The injected path or file request executes when the attacker views the file index listing of the wifi web application web-server. Remote attackers can also unauthorized implement m

Recent Exploits: