The Built2Go News Manager Blog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Built2Go News Manager Blog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The aWebNews application is prone to multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities by including an arbitrary remote file that contains malicious PHP code and executing it in the context of the webserver process. This can lead to the compromise of the application and the underlying system, allowing for various other attacks.
PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. An attacker with permissions to execute PHP code on an affected computer may exploit this issue to crash PHP and kill all remaining webserver threads. This will result in denial-of-service conditions. Although this issue is local in nature, a remote attacker may exploit it by using other latent vulnerabilities such as a remote file-include issues; other remote attack vectors are also possible.
An attacker can exploit a weakness in Evolution to add arbitrary content into a GnuPG signed and/or encrypted message. This vulnerability is due to the weakness discussed in BID 22757 (GnuPG Signed Message Arbitrary Content Injection Weakness) and has been assigned its own BID because of the specific way that Evolution uses GnuPG.
The vulnerability allows an attacker to add arbitrary content into a GnuPG signed and/or encrypted message without the end user knowing. This vulnerability is due to the weakness discussed in BID 22757 (GnuPG Signed Message Arbitrary Content Injection Weakness) and has been assigned its own BID because of the specific way that KMail uses GnuPG.
The vulnerability allows an attacker to add arbitrary content into a message without the end user knowing. An attacker can exploit this weakness in applications using GnuPG to add arbitrary content into a signed and/or encrypted message.
The HyperBook Guestbook v1.30 is prone to an information-disclosure vulnerability because the application fails to protect sensitive information. An attacker can exploit this issue to access sensitive information that may lead to other attacks.
Adobe Acrobat and Adobe Reader may allow remote attackers to retrieve the contents of files on a vulnerable computer. Information gathered through a successful exploit of this vulnerability may aid in other attacks.
WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Services By CQR