PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability. An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are also possible.
awiki is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
phpWebSite is prone to a cross-site scripting vulnerability due to insufficient input sanitization. Attackers can exploit this vulnerability to inject and execute arbitrary script code in the victim's browser within the context of the affected website. This can lead to the theft of authentication credentials stored in cookies and enable further attacks.
SurgeFTP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
PHP Flat File Guestbook is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. When a .php file is uploaded, the remote system places the file in a user-accessible path. A direct request to the uploaded file then allows the attacker to execute the script with the privileges of the web server. In versions <= 3.0.8, authentication can be done by using the WordPress credentials of a user with any role. In later versions, a valid EasyCart admin password that is in use by any admin user is required. A default installation of EasyCart will set up a user called 'demouser' with a preset password of 'demouser'.
There seems to be a design error in the handling of RPC data with xdr procedures across several .dlls imported by Mediasvr.exe. Four bytes from an RPC packet are processed as a particular address (xdr_handle_t data which is run through multiple bit shifts, and reversing of bytes), and eventually loaded into ECX. The 191 (0xbf) procedure, followed by nulls (at least 8 bytes of nulls, which may be Null Credentials and Auth?) leads to an exploitable condition. At this point, you have control of ECX (esp+8 is your address data). The data from the packet is stored in memory and is relatively static (see NOTE). The address is then loaded into EAX, and then called as EAX+2Ch, which is controllable data from the packet. In this code, I just jump ahead to the portbinding shellcode. NOTE: The only issue I have found is when the system is rebooted, the packet data appears at a higher memory location when Mediasvr.exe crashes and is restarted. I have accounted for this in the code, when the port that Mediasvr.exe is listening on is below TCP port 1100, which is usually only after a reboot.
The eShop plugin for WordPress is vulnerable to multiple cross-site scripting vulnerabilities due to inadequate input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.
The Adobe Flash Media Server is prone to a remote denial-of-service vulnerability. Successful exploits will allow attackers to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed.
The BlueSoft Rate My Photo Site is vulnerable to SQL injection due to insufficient sanitization of user-supplied data used in SQL queries. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit other vulnerabilities in the underlying database.