
Explore Vulnerabilities


Explore all Exploits:

CartWIZ Multiple SQL Injection Vulnerabilities

CartWIZ is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

eRoom Plug-in Insecure File Download Handling Vulnerability

The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when downloaded. This can occur without user knowledge, and can be a security risk for certain file types on certain platforms.

Novell NetMail Email Client Input Validation Vulnerability

Novell NetMail email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages are executed automatically when the email message is viewed. A successful attack may allow the attacker to obtain session cookies and carry out other attacks.

GNU GNATS gen-index Local File Disclosure/Overwrite Vulnerability

GNU GNATS gen-index allows local attackers to disclose and overwrite arbitrary files. A successful attack can result in privilege escalation and a complete compromise of the affected computer, as gen-index is installed with setuid permissions. An attacker can use the gen-index command to overwrite files with arbitrary content.

Multiple Vulnerabilities in McAfee IntruShield Security Management System

McAfee IntruShield Security Management System is susceptible to multiple vulnerabilities. The first two issues are cross-site scripting vulnerabilities in the 'intruvert/jsp/systemHealth/SystemEvent.jsp' script. These issues are due to a failure of the application to properly sanitize user-supplied data prior to utilizing it in dynamically generated HTML. The next two issues are authorization bypass vulnerabilities leading to information disclosure and the ability to acknowledge, de-acknowledge, and delete security alerts. These vulnerabilities require a valid user account in the affected application.

IBM Lotus Notes Email Client Input Validation Vulnerability

IBM Lotus Notes email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages are executed automatically when the email message is viewed. Specifically, users accessing standard Notes mail templates through a Web mail client are affected. This vulnerability may be leveraged by a remote attacker to automatically execute arbitrary script code in the context of a target user.

JAWS Remote File Include Vulnerability

JAWS is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

Recent Exploits: