Multiple path disclosure vulnerabilities occur when a user directly requests scripts in the '/includes/blocks/' and 'pnadodb' directories. This issue also affects scripts that are associated with multiple modules. Multiple cross-site scripting vulnerabilities were reported in the Downloads and Web_Links modules as well as the openwindow.php script. These issues may permit remote attackers to cause hostile HTML and script code to be interpreted by a victim user's browser.
Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting, and SQL injection vulnerabilities were reported. Exploitation of these issues may reveal sensitive information, allow for account hijacking, content manipulation, and attacks against the underlying database.
Multiple vulnerabilities were reported in the phProfession module for PostNuke. These vulnerabilities include path disclosure, cross-site scripting, and SQL injection. Exploitation of these vulnerabilities can lead to sensitive information disclosure, account hijacking, content manipulation, and attacks against the underlying database.
A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. Exploiting this issue may permit remote attackers to more easily approximate TCP sequence numbers. The problem is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing denial-of-service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP and TCP port. A few factors may present viable target implementations, such as implementations that depend on long-lived TCP connections, have known or easily guessed IP address endpoints, or have known or easily guessed TCP source ports.
The Serv-U application is affected by a remote buffer overflow vulnerability in the list parameter. This vulnerability arises due to a lack of proper validation of buffer boundaries during the processing of user input. Successful exploitation of this vulnerability can lead to a denial of service condition and potentially allow an attacker to execute arbitrary code on the affected system with the privileges of the user running the vulnerable application.
The Exchange POP3 e-mail gateway is prone to a remote buffer overflow vulnerability that may allow an attacker to execute arbitrary code on a vulnerable system. This issue could allow an attacker to gain unauthorized access in the context of the affected process.
The first issue is an input validation error that allows for symbolic link attacks, potentially leading to corruption of system files. The second issue is a failure to properly validate buffer boundaries, which may result in crashes and potentially allow for arbitrary code execution.
The phpBB application is prone to a file include vulnerability that can be exploited by remote attackers. This vulnerability allows attackers to include a remote malicious script to be executed on a vulnerable system.
The BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. A remote user can specify a file to be uploaded and executed on a system running the affected software. This can result in unauthorized access to the system.
Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue may allow a remote attacker to manipulate query logic, leading to unauthorized access to sensitive information such as the user password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.