PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory. Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. This issue may help the attacker gain unauthorized access.
The PHP open_basedir restriction-bypass vulnerability allows attackers to access sensitive information or write files in unauthorized locations. This vulnerability is due to a design error. It can be exploited in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. The 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other, but this vulnerability bypasses those restrictions.
LimeSurvey suffers from a stored cross-site scripting and SQL Injection vulnerability. Input passed to the 'label_name' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Input passed to the 'group_name' POST parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a heap-based buffer overflow. Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
The HP JetDirect FTP Print Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue on an affected computer to deny service to legitimate users.
aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input.An attacker could exploit these vulnerabilities to view the directory structure on the affected webserver and perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit these vulnerabilities to view the directory structure on the affected webserver and perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
PHP is prone to an email-header-injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages. Exploiting this issue allows a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.
Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Services By CQR