Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content. This issue may allow for theft of cookie-based authentication credentials. Other attacks are also possible.
Sphiro HTTPD is prone to a remote heap-based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer boundaries before storing input in fixed buffers. The immediate consequence of an attack may be a crash of the affected daemon, denying service to legitimate users. Furthermore, due to the nature of this issue, arbitrary code execution may be possible. This would occur in the context of the running daemon process.
SquirrelMail is affected by a cross-site scripting vulnerability in the handling of folder name displays. This issue allows for the inclusion of malicious script code in dynamic web content.
The DiGi WWW Server is vulnerable to a remote denial of service attack. This vulnerability can be exploited by sending a malformed HTTP GET request to the server, causing the web server process to consume excessive CPU resources. An example of a malicious request is: GET ///[660Kb of /]/// HTTP/1.1
Multiple unspecified local buffer overrun and format string vulnerabilities have been reported to exist in various setuid Veritas NetBackup binaries. These issues may be exploited to execute arbitrary code with root privileges.
The PHP-Nuke Video Gallery module is affected by multiple SQL injection vulnerabilities. These vulnerabilities arise due to the application's failure to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit these issues to manipulate query logic, potentially gaining unauthorized access to sensitive information like the administrator password hash or corrupting the database data. It may also be possible to exploit latent vulnerabilities in the underlying database implementation.