A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments.An anonymous remote attacker may be capable of exploiting this issue to execute arbitrary code. This however has not been confirmed. Failed exploit attempts may result in a denial of service.
The boundary condition error allows an attacker to execute arbitrary code with the user's privileges, while the input validation issue can be leveraged for cross-site scripting attacks.
The boundary condition error allows an attacker to execute arbitrary code on the affected computer. The input validation issue can be exploited for cross-site scripting attacks.
The JAWS application is affected by a remote SQL injection vulnerability. This vulnerability exists due to a failure in properly sanitizing user-supplied URI parameter input before using it in an SQL query. An attacker can exploit this issue to manipulate database queries and potentially view or modify sensitive information.
Verylost lostBook is affected by an HTML injection vulnerability in its message entry functionality. This issue allows an attacker to inject malicious HTML and script code into the application, potentially leading to the execution of the attacker's code within the user's browser. This vulnerability can be exploited to steal cookie-based authentication credentials and may allow for other attacks.
Comersus Cart is affected by a remote SQL injection vulnerability. The issue occurs when the application fails to properly sanitize user-supplied URI parameter input before using it in an SQL query. An attacker can exploit this vulnerability by passing malicious SQL statements as a value for the username field during authentication. This allows the attacker to influence database queries and potentially view or modify sensitive information, compromising the software or the database.
The AntiBoard application is vulnerable to multiple instances of SQL injection and a cross-site scripting vulnerability. These vulnerabilities are caused by insufficient sanitization of user-supplied data. An attacker can exploit these vulnerabilities to execute arbitrary SQL queries, manipulate database contents, and execute malicious scripts in the context of the victim's browser.
Multiple vulnerabilities are reported to exist in the application due to insufficient sanitization of user-supplied data. The issues include various instances of SQL injection and a cross-site scripting vulnerability.
RiSearch and RiSearch Pro are prone to an open proxy vulnerability due to a lack of sufficient sanitization on user-supplied URI parameters. A remote attacker can exploit this vulnerability to launch attacks against local and public services in the context of the vulnerable script's host site.
Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. This issue is due to a race condition error.This issue may be leveraged by an attacker to display false information in the address bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to be derived from a trusted location. This may facilitate phishing attacks; attempted theft of user information for the purpose of identity theft.
Services By CQR