
Explore Vulnerabilities


Explore all Exploits:

Remote Denial-of-Service Vulnerability in KDE Konqueror

KDE Konqueror is prone to a remote denial-of-service vulnerability because of an error in KDE's JavaScript implementation. An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions. Konqueror included with KDE version 3.5.5 is vulnerable; other versions may also be affected.

Local File Modification in Zend Platform

The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file ('php.ini'). This issue occurs because the application is installed with an 'ini_modifier' program that may be executed by local users and will bypass the authentication that is required by the application to change the configuration file. An attacker could add a malicious PHP extension to the configuration or otherwise tamper with PHP configuration directives. A successful exploit could grant the attacker elevated privileges on the computer.

Tyger Bug Tracking System Multiple Input-Validation Vulnerabilities

The Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues. These vulnerabilities occur due to the application failing to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Tyger Bug Tracking System Input-Validation Vulnerabilities

Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues. The vulnerabilities exist because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

HTML-injection vulnerabilities in Woltlab Burning Board

Woltlab Burning Board is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

mandragore’s sploit v1.4 for sasser.x

This public exploit, version 1.4, targets the sasser.x FTP server and takes advantage of an SEH (Structured Exception Handling) pointer-overwrite vulnerability. The author of the exploit is mandragore. The exploit was discovered in 2004. The affected versions are not mentioned.

Recent Exploits: