The 'title' parameter of the 'Reviews' script in PostNuke is prone to a cross-site scripting vulnerability. Exploiting this vulnerability could lead to the theft of cookie-based authentication credentials and other possible attacks.
This exploit abuses a buffer overflow vulnerability in Novell eDirectory. The vulnerability exists in the ndsd daemon, specifically in the NCP service, while parsing a specially crafted Keyed Object Login request. It allows remote code execution with root privileges.
ASPRunner versions 2.4 and prior are affected by multiple vulnerabilities including SQL injection, cross-site scripting, information disclosure, and unauthorized access to database files. An attacker can exploit these issues by sending a crafted HTTP request to the affected server.
The vulnerability allows malicious web pages to spoof the URI and SSL certificate of a trusted site, leading to potential phishing attacks and theft of sensitive information.
The vulnerability allows an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer. By manipulating the 'site' parameter in the 'index.php' file, the attacker can provide a URL to a malicious file hosted on their server, which will then be executed on the target system.
PostNuke fails to remove the install script 'install.php' after installation, allowing remote attackers to gain unauthorized access to the content management system and disclose administrator authentication credentials.
EasyWeb is prone to a directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. The issue occurs if a remote attacker sends a request to the 'ew_filemanager' script for a file containing directory traversal character sequences to the application.
The vulnerability in VPOP3 allows an attacker to perform a remote denial of service attack by sending a URI request with a large value for the 'msglistlen' parameter to the web mail interface.
Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplied input.Successful exploitation of this issue will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user. This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users.
HelpBox is susceptible to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied data. These vulnerabilities can be exploited by passing malicious SQL statements to certain scripts. Some scripts require administrative privileges to HelpBox, and one script allows exporting any table in the SQL server. Exploiting these vulnerabilities may result in unauthorized access to sensitive information, corruption of database data, or exploitation of latent vulnerabilities in the underlying database implementation.
Services By CQR