mod_security <= 2.1.0 is affected by a bypass vulnerability in which ASCIIZ bytes in POST data of the application/x-www-form-urlencoded content type are not properly handled, allowing an attacker to bypass security rules. The vulnerability stems from a mismatch between the RFC-defined rules followed by mod_security and the actual behavior of HTTP request parsers in scripting languages like Perl, Python, Java, and PHP.
Freeciv is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle specially crafted network packets. An attacker can exploit these issues to cause the application to become unresponsive or to crash the affected game servers, denying service to legitimate users.
The EDItran Communications Platform (editcp) is vulnerable to a remote buffer overflow due to insufficient input validation. Attackers can exploit this vulnerability to execute arbitrary code within the context of the application. Failed attacks may lead to a denial-of-service condition.
This vulnerability allows an attacker to leak sensitive information from memory using the substr_compare function in PHP 5. By manipulating the function parameters, an attacker can retrieve data from memory that should not be accessible. This can lead to the exposure of sensitive information such as passwords or cryptographic keys.
Xplico is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
ReCMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Wiki Web Help is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code could run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Flatnux is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition.
DPScms is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.