CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help.
The Mail Manage EX application is prone to a remote file include vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied data. A remote attacker can exploit this issue by including arbitrary PHP files located on remote servers.
The vulnerability allows an attacker to inject malicious HTML code into the 'from' email header field, potentially leading to unauthorized access to a user's cookie-based authentication credentials and disclosure of personal email. Other attacks are also possible.
PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue will allow an attacker to gain access to sensitive scripts such as the 'admin.php' script. The attacker may be able to exploit this unauthorized access to carry out attacks against the affected application.
A remote buffer-overrun vulnerability in Firebird allows a remote attacker to execute attacker-supplied code in the context of the affected software. The vulnerability occurs due to insufficient boundary checks when handling database names in the database server.
TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will allow an attacker to download or view scripts residing in the 'cgi-bin' directory.
The vulnerabilities in Sambar Server allow an attacker to access sensitive files, carry out directory traversal attacks, and execute cross-site scripting attacks. These issues can be exploited by an attacker with administrative privileges, and it is reported that the server does not have an administrative password set by default. Even administrators without intended privileges can exploit these vulnerabilities. The specific vulnerability can be triggered by accessing the following URL: http://www.example.com/sysadmin/system/show.asp?show=<script>alert("oops")</script>
SquirrelMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this issue to gain access to an unsuspecting user's cookie-based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.
e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.
The Land Down Under website is vulnerable to HTML injection due to a flaw in its BBCode implementation. An attacker can exploit this vulnerability to inject malicious HTML code into the website, potentially leading to theft of cookie credentials, content manipulation, or other attacks.