Explore all Exploits:

Integer Underflow Vulnerability in file(1) command

The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data. An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

PHP register_globals Directive Activation Weakness

This weakness allows attackers to enable the 'register_globals' directive in PHP by exploiting a memory-limit exception. Enabling 'register_globals' may allow further exploitation of latent vulnerabilities in PHP scripts. This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249.

Php-Stats SQL Injection Vulnerabilities

Php-Stats is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Cross-Site Scripting Vulnerability in Oracle Portal

Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Holtstraeter Rot 13 Directory Traversal Vulnerability

Holtstraeter Rot 13 is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

Cross-Site Scripting Vulnerability in Horde Framework

The Horde Framework application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can inject HTML and script code, which will execute in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials.

Viper Web Portal Remote File Include Vulnerability

Viper Web Portal is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Recent Exploits: