pnTresMailer is reported susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability can be exploited to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the web server. This may aid a malicious user in further attacks.
Mozilla Firefox is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.
It is reported that Soldier of Fortune 2 is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to perform sufficient bounds checking on user-supplied input prior to copying it to a fixed-sized memory buffer. A remote attacker may exploit this vulnerability to deny service to legitimate users. Due to the nature of this vulnerability, it is conjectured that remote code execution may be possible, but this is not confirmed.
SecureAction Research Secure Network Messenger is vulnerable to a remote denial of service attack due to a failure of the application to properly handle exceptional network data. An attacker can leverage this vulnerability to cause a computer running the vulnerable application to crash, denying service to legitimate users.
Master of Orion III is reported prone to multiple remote denial of service vulnerabilities. These issues occur because the application does not handle exceptional conditions in a proper manner.
The Microsoft cumulative Internet Explorer patch (MS04-038) attempted to limit what files may be dragged and dropped onto the local computer from the Internet Zone to prevent executable objects from being placed on the file system in this manner. However, a number of file types are still permitted for drag and drop operations. It has demonstrated that it is possible to embed hostile HTML and script code in one of these file types, remove the file extension and then allow the operating system to dynamically determine the file type based on its contents.
Microsoft Outlook Express is reported prone to a security policy bypass vulnerability. The vulnerability presents itself if an attached image file is referenced using a specially crafted CID URI. This will result in a policy bypass because the image will be automatically rendered when the email is viewed in Outlook Express.
Wordpress is reported prone to a HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which try to entice client users into a false sense of trust.
This is a stack overflow exploit for McAfee ePolicy Orchestrator 3.5.0 and ProtectionPilot 1.1.0. Tested on Windows 2000 SP4 and Windows 2003 SP1. This module is based on the exploit by xbxice and muts.
VyPRESS Messenger is vulnerable to a remote buffer overflow vulnerability due to a failure of the application to verify the length of user-supplied strings prior to copying them into finite process buffers. An attacker can leverage this issue to remotely execute arbitrary machine code on an affected computer with the privileges of the user running the affected application. It is possible to exploit all hosts on a local area network by sending a message to a broadcast address.
Services By CQR