Liferay Enterprise Portal is affected by multiple cross-site scripting (XSS) and HTML injection vulnerabilities. These vulnerabilities occur because user-supplied data from various input fields is included in server-generated content without proper validation or encoding. This allows for typical XSS attacks against other users of the portal.
The e107 website system is prone to a remote HTML injection vulnerability. This vulnerability occurs when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application fails to properly sanitize user-supplied input, allowing the injected HTML code to be stored and rendered in the browser of unsuspecting users when the log page of the affected site is viewed.
The vulnerability allows attackers to hide the true contents of a URI link by using a malicious image within a properly formatted HREF tag. This can trick users into following a malicious link that appears to be from a trusted site.
The vulnerability allows attackers to hide the true contents of a URI link by using a malicious image within a properly formatted HREF tag. This can trick users into following a malicious link that appears to lead to a trusted site.
DSM Light is prone to a directory traversal vulnerability. The issue occurs when the application fails to properly sanitize user-supplied URI input. An attacker can exploit this vulnerability to view arbitrary, web-readable files on the affected computer, potentially aiding them in conducting further attacks.
ActiveState Perl is prone to an integer overflow vulnerability. It occurs due to a lack of sufficient bounds checking on multiplier data passed to a Perl duplicator statement. This vulnerability allows an attacker to influence the execution flow of a vulnerable Perl script and execute arbitrary code. Failed exploit attempts will result in a denial of service.
OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue occurs due to a failure of the application to properly validate string sizes when processing user input. An attacker could exploit this vulnerability to execute arbitrary code with the privileges of the affected web server.
A buffer overflow vulnerability exists in ActiveState Perl and Perl for cygwin due to a lack of sufficient bounds checking on data passed to the Perl system() function call. This vulnerability allows an attacker to manipulate the execution flow of a vulnerable Perl script and execute arbitrary code. The arbitrary code execution occurs within the context of the user running the malicious Perl script.
The PHP-Nuke application is prone to a potential file include vulnerability. This vulnerability allows a remote attacker to include malicious files that contain arbitrary code, which can be executed on a vulnerable system. The vulnerability is exploited by manipulating the 'modpath' parameter in the application's URL.
osCommerce has a directory-traversal vulnerability that may allow a remote attacker to obtain sensitive information. The software improperly sanitizes user-supplied input and allows '../' directory-traversal character sequences when serving files. This allows the attacker to access files outside of the application document root, potentially allowing the attacker to view files that contain sensitive information or aid them in further attacks on the computer.