The Linksys Web Camera software is prone to a cross-site scripting vulnerability that may allow a remote attacker to steal cookie-based authentication credentials or carry out other attacks. The vulnerability occurs when an attacker passes malicious HTML or script code to the application via the 'next_file' parameter of the 'main.cgi' script.
The WinAgents TFTP Server is prone to a remote off-by-one buffer overrun vulnerability. The issue occurs due to a lack of sufficient boundary checks performed on filenames when a request is made for a file. A remote attacker can exploit this vulnerability by sending a malicious request with a filename of excessive length, triggering the vulnerability and resulting in a denial of service.
PHP-Nuke is prone to multiple vulnerabilities including cross-site scripting (XSS) in the 'Faq', 'Encyclopedia', and 'Reviews' modules, SQL injection in the 'Reviews' module, and a remote denial of service (DoS) vulnerability in the score subsystem of the 'Review' module. These vulnerabilities occur due to insufficient sanitization of user-supplied data, allowing remote attackers to execute malicious code, modify database queries, and deny service to legitimate users.
PHP-Nuke is prone to multiple vulnerabilities including cross-site scripting issues in the 'Faq', 'Encyclopedia', and 'Reviews' modules, an SQL injection vulnerability in the 'Reviews' module, and a remote denial of service vulnerability in the score subsystem of the 'Review' module. These vulnerabilities are caused by insufficient sanitization of user-supplied data, allowing attackers to execute malicious code, modify database queries, and deny service to legitimate users.
An attacker can obfuscate the URI of a link in Microsoft Internet Explorer and Opera, which can lead to the impersonation of legitimate websites and the theft of sensitive information from users. This vulnerability allows an attacker to redirect users to an attacker-controlled site.
Blackboard allows users to download files posted in the 'Digital Dropbox' without proper authorization. The application does not verify the requester's authorization, allowing anyone with the URI to download the file. An attacker can exploit this vulnerability to access potentially sensitive information.
Invision Power Board's 'ssi.php' script is prone to an SQL injection vulnerability. Attackers can exploit this vulnerability by passing SQL statements to the underlying database through the script. Depending on the underlying database, this vulnerability can result in data corruption or theft, execution of commands or procedures on the database server, or exploitation of other vulnerabilities in the database.
The 'returnurl' parameter in the 'signin.aspx' script of AspDotNetStorefront is not properly sanitized, allowing remote attackers to execute malicious JavaScript code and steal user authentication credentials.
AspDotNetStorefront is prone to an access validation vulnerability that may allow a remote attacker to delete arbitrary contents from a vulnerable Web site. The issue occurs because the 'deleteicon.aspx' script does not validate access before allowing an unprivileged user to delete contents such as icons and images from the site. Other attacks may be possible as well; however, this has not been confirmed.
cPanel is affected by a remote SQL injection vulnerability in the passwd script. The issue occurs when user-supplied URI parameter input is not properly sanitized before being used in an SQL query. Malicious SQL statements can be passed to the passwd script through URI parameters, allowing a malicious user to influence database queries and potentially view or modify sensitive information.