The vulnerabilities in Sambar Server allow an attacker to access sensitive files, carry out directory traversal attacks, and execute cross-site scripting attacks. These issues can be exploited by an attacker with administrative privileges, and it is reported that the server does not have an administrative password set by default. Even administrators without intended privileges can exploit these vulnerabilities. The specific vulnerability can be triggered by accessing the following URL: http://www.example.com/sysadmin/system/show.asp?show=<script>alert("oops")</script>
SquirrelMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this issue to gain access to an unsuspecting user's cookie-based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.
e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. These issues may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.
The Land Down Under website is vulnerable to HTML injection due to a flaw in its BBCode implementation. An attacker can exploit this vulnerability to inject malicious HTML code into the website, potentially leading to theft of cookie credentials, content manipulation, or other attacks.
JPortal is affected by a remote SQL injection vulnerability in the print.inc.php script. This allows a malicious user to influence database queries and potentially compromise the software or the database. An attacker can exploit this issue to disclose the administrator password hash.
This vulnerability allows a remote attacker to execute arbitrary code in the context of the server process by exploiting a lack of sufficient boundary checks performed on CD command arguments.
This exploit allows an attacker to execute remote commands on the target server using the exV2 software. It works regardless of the php.ini settings and has two different exploit methods for register_globals=on or off.
PHP is affected by an arbitrary command-execution weakness through the PHP 'include()' function. This issue allows the execution of attacker-supplied PHP commands sent in POST data when URI data is used as an argument to an 'include()' function.
The Java System Application Server is prone to a remote installation path disclosure vulnerability. This vulnerability occurs due to a failure of the application to properly filter user requests. Successful exploitation of this vulnerability may allow an attacker to gain sensitive information about the file system, which can be used to launch more direct attacks against the system.
Minishare is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle improperly formed HTTP requests. This issue will allow an attacker to cause the affected computer to stop responding, denying service to legitimate users.