The Beehive Forum application fails to properly sanitize user-supplied input, leading to an SQL injection vulnerability. An attacker can exploit this vulnerability to bypass authentication and gain administrative access to the site. Other attacks may also be possible.
The GNOME Evolution email client is vulnerable to a denial-of-service attack when processing messages that contain inline XML file attachments with excessively long strings.
ZixForum is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This exploit allows an attacker to execute arbitrary code on a remote server running MDPro version 1.0.76. The vulnerability is based on a cookie called 'lang' that can be manipulated to execute commands on the server.
This exploit allows an attacker to execute remote code on a vulnerable e107 version 0.7.5. The vulnerability is found in the gsitemap.php file on line 19-28.
An attacker can nest BBCode IMG tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. Other attacks are also possible.
PowerPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
This exploit allows for local elevation of privileges on Windows Utility Manager, providing a shell with system privileges. By executing specific steps, the exploit opens a file open dialog window in Windows Help and uses it to execute cmd.exe.
Apache Geronimo is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the application, access or modify data, or steal cookie-based authentication credentials. The attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Files in the /admin directory use a very poor security method for authentication that is simple to bypass.
Services By CQR