
Explore Vulnerabilities


Explore all Exploits:

HTML Injection Vulnerability in Nihuo Web Log Analyzer

An HTML injection vulnerability is reported in Nihuo Web Log Analyzer. The problem occurs due to a lack of proper sanitization of user-supplied input data. Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

Buffer Overflow Vulnerability in Sarad

Sarad is prone to a buffer overflow vulnerability due to insufficient sanitization of user-supplied data. A remote attacker can trigger the overflow condition by supplying a large string value to the application, which may result in arbitrary code execution in the context of the server. Additionally, there are other instances of potential buffer overflow and format string vulnerabilities throughout the application, caused by the use of the strcpy() and sprintf() functions. Further analysis is ongoing.

PHP-Fusion Database Backup Information Disclosure

An anonymous remote attacker can download a complete database backup from the server without authentication, potentially exposing user information and password hashes. The backup file includes the MD5 password hashes, which can be used for further attacks against the application. The issue affects PHP-Fusion version 4.00 and possibly other versions.

Vulnerabilities in Merak Mail Server Webmail Package

The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities including multiple cross-site scripting vulnerabilities, an HTML injection vulnerability, a PHP source code disclosure vulnerability, and an SQL injection vulnerability. These vulnerabilities allow attackers to execute arbitrary code, disclose sensitive information, and perform various attacks on the affected system.

Multiple Vulnerabilities in Merak Mail Server Webmail Package

The webmail package embedded in Merak Mail Server is prone to multiple vulnerabilities, including cross-site scripting, HTML injection, PHP source code disclosure, and SQL injection. These vulnerabilities allow attackers to execute arbitrary script code in the context of the affected site, inject malicious HTML code, disclose sensitive PHP source code, and manipulate SQL queries.

Opera Web Browser Resource Existence Disclosure Vulnerability

The vulnerability allows an attacker to determine the existence of resources on a vulnerable computer by using an IFRAME that is accessible within the same domain and changing its URI to the location of a file or directory. The attacker can then determine the existence of the resource by the error message returned by Opera. This weakness can then allow the attacker to carry out other attacks against a vulnerable computer.

RaXnet Cacti Remote SQL Injection Vulnerability

The vulnerability exists in the auth_login.php script of RaXnet Cacti due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'username' parameter, allowing them to bypass the authentication interface and execute arbitrary commands on the affected system.

Recent Exploits: