WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.This issue affects WordPress 2.3; other versions may also be vulnerable.http://www.example.com/wp-admin/edit-post-rows.php?posts_columns[]=alert(123);
The IBM Lotus Domino Server is vulnerable to a remote buffer-overflow vulnerability. The vulnerability occurs due to a failure to properly bounds-check user-supplied data before copying it to a memory buffer that is insufficiently sized. An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. An exploit is available for Lotus Domino Server running on Windows platforms. It is not known if other platforms are affected. This vulnerability may be related to the IMAP buffer-overflow vulnerability described in BID 26176.
The vulnerability in Mozilla Firefox allows for a persistent denial of service attack. This can be achieved by setting a malicious bookmark and then following it. Once successful, the browser will stop responding to all URI requests. Even after restarting the browser, the condition persists.
Multi-Forums is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
A remote attacker can exploit this issue by using directory-traversal sequences to retrieve arbitrary files on a victim user's computer.
The Aleris Web Publishing Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
basicFramework is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
CodeWidgets Web Based Alpha Tabbed Address Book is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Attackers can upload and download arbitrary files and execute arbitrary code within the context of the webserver process by exploiting the vulnerabilities in GHBoard.
The GHBoard application is prone to multiple vulnerabilities that allow attackers to upload and download arbitrary files and execute arbitrary code within the context of the webserver process. The vulnerabilities can be exploited by sending a crafted HTTP request to the affected server. Specifically, the 'download.jsp' script does not properly validate user-supplied input in the 'name' parameter, allowing for directory traversal attacks and arbitrary file downloads. This can lead to unauthorized access to sensitive information or remote code execution depending on the file accessed. This vulnerability is assigned multiple CVE identifiers: CVE-2007-6472, CVE-2007-6473.
Services By CQR