Oracle Reports Server may allow remote attackers to disclose parts of arbitrary files. Reportedly, the server fails to restrict users from accessing parts of arbitrary files when handling specially crafted HTTP GET requests.
Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Oracle Reports Server may allow remote attackers to disclose parts of arbitrary XML files. Reportedly, the server fails to restrict users from accessing parts of arbitrary XML files when handling specially crafted HTTP GET requests.
Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This may be used to inject hostile HTML and script code into the Web mail application. When a user opens an email containing the hostile code, it may be rendered in their browser. Successful exploitation could potentially allow theft of cookie-based authentication. Other attacks are also possible.
Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
e107 Website System is prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process. Successful exploitation would result in information disclosure. Information obtained could aid the attacker in further attacks against the underlying system; other attacks are also possible.
Skype is affected by an insecure temporary file creation vulnerability. Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser. This issue is reportedly similar to the one described in BID 14282. Successful exploitation results in crashing the affected Web browser. It may be possible that execution of arbitrary code may also be achieved, but this has not been confirmed.
Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the JPEG image rendering library used by the browser. This issue is due to a failure of the application to properly bounds check input data prior to copying it to a fixed size memory buffer. Successful exploitation may result in execution of arbitrary code in the context of the user executing the affected browser.
Services By CQR