Explore Vulnerabilities

Explore all Exploits:

Tyger Bug Tracking System Input-Validation Vulnerabilities

Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues. The vulnerabilities exist because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

HTML-injection vulnerabilities in Woltlab Burning Board

Woltlab Burning Board is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

mandragore’s sploit v1.4 for sasser.x

The exploit targets the sasser.x FTP server and takes advantage of an SEH (Structured Exception Handling) pointer-overwrite vulnerability. It is a public exploit, version 1.4, written by mandragore. The exploit was discovered in 2004. The affected versions are not mentioned.

Cross-Site Scripting Vulnerabilities in Built2Go News Manager Blog

The Built2Go News Manager Blog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Built2Go News Manager Blog Multiple Cross-Site Scripting Vulnerabilities

The Built2Go News Manager Blog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

aWebNews Multiple Remote File-Include Vulnerabilities

The aWebNews application is prone to multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities by including an arbitrary remote file that contains malicious PHP code and executing it in the context of the webserver process. This can lead to the compromise of the application and the underlying system, allowing for various other attacks.

Denial-of-Service Vulnerability in PHP

PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. An attacker with permissions to execute PHP code on an affected computer may exploit this issue to crash PHP and kill all remaining webserver threads, resulting in denial-of-service conditions. Although this issue is local in nature, a remote attacker may exploit it by using other latent vulnerabilities such as a remote file-include issue; other remote attack vectors are also possible.

Recent Exploits: