TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The Atlassian JIRA application is prone to a cross-site scripting vulnerability due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site. This can lead to the execution of malicious scripts in the browser of unsuspecting users, potentially allowing the attacker to steal authentication credentials and launch further attacks.
The eXtreme File Hosting application fails to sufficiently sanitize user-supplied input, allowing an attacker to upload and execute arbitrary PHP script code in the context of the affected webserver process. This can lead to the compromise of the application and enable other possible attacks.
The Sage Extension Feed application fails to properly sanitize user-supplied input before using it in dynamically generated content, leading to an HTML-injection vulnerability. Hostile HTML and script code can be injected into vulnerable sections of the application, which can be rendered in the browser of a user viewing a malicious RSS feed.
An attacker can exploit this issue to execute arbitrary commands with superuser privileges, resulting in the compromise of the computer. To exploit this issue, an attacker must have authenticated access to a customer control panel.
The protection.php file in PHPFanBase is vulnerable to remote file inclusion. The vulnerability allows an attacker to include a remote file, which can lead to remote code execution or other malicious activities.
MySQLNewsEngine is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Coppermine Photo Gallery is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary PHP code in the context of the webserver process. This may facilitate a remote compromise of the underlying system; other attacks are also possible.
PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
The PortailPHP application is prone to multiple remote file-include vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process, potentially leading to unauthorized access. The specific vulnerability occurs in PortailPHP 2, but other versions may also be affected.