OpenBB is affected by multiple input validation vulnerabilities. These vulnerabilities allow for SQL injection attacks and cross-site scripting (XSS) attacks. The SQL injection vulnerabilities can lead to unauthorized access to sensitive information and potential database corruption. The XSS vulnerabilities can be exploited to steal authentication credentials and perform other attacks.
Modular Site Management System (MSMS) is prone to an information disclosure issue that could allow an attacker to gain access to a server's configuration information. The vulnerability exists in version 0.2.1, but other versions may also be affected.
The vulnerabilities in Protector System for PHP-Nuke allow for cross-site scripting attacks and SQL injection attacks. These vulnerabilities can be exploited to reveal sensitive information, hijack user accounts, manipulate content, and attack the underlying database.
These vulnerabilities in Protector System module for PHP-Nuke can be exploited to reveal sensitive information, allow for account hijacking, content manipulation, and attacks against the underlying database.
An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also possible.
The vulnerability allows an unprivileged local user to obtain kernel memory contents and a root user to write to arbitrary regions of kernel memory. The vulnerability is caused by integer handling errors in the proc handler for cpufreq.
The Unreal Tournament Engine is affected by a local file overwrite vulnerability due to the UMOD manifest.ini file. This issue is due to an input validation error that allows a malicious user to specify arbitrary files for writing, potentially leading to a system-wide denial of service condition.
pisg is prone to an input validation vulnerability. The vulnerability occurs when monitoring an IRC server that allows the use of HTML code as a value for the IRC Nickname. This allows an attacker to inject malicious HTML code into the generated HTML pages by pisg.
NewsTraXor is affected by a remote database disclosure vulnerability. The issue is caused by a design error that allows the database file to be globally readable. This vulnerability may allow a remote attacker to gain unauthorized administrative access to the affected web application.
The xine media player and library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files. By setting certain configuration parameters and specifying an attacker-specified file, an attacker can overwrite the target file on the affected system.