PHP MyWebMin 1.0 is vulnerable to a remote file include vulnerability. This vulnerability is due to the application failing to properly sanitize user-supplied input to the 'target' and 'action' parameters of the 'window.php' and 'home.php' scripts. An attacker can exploit this vulnerability by supplying a malicious URL in the 'target' and 'action' parameters of the 'window.php' and 'home.php' scripts. This can allow the attacker to execute arbitrary code on the vulnerable system.
This exploit allows an attacker to include a remote file on the web server. The attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. The vulnerable application then includes the file specified in the request, allowing the attacker to execute arbitrary code on the web server.
Opera is reported to be susceptible to a JavaScript denial-of-service vulnerability. This vulnerability presents itself when Opera attempts to execute a specific JavaScript command. Upon executing this command, Opera will reportedly crash.
BadBlue is prone to a vulnerability that may let the application be abused as a proxy. This vulnerability presents itself due to the 'Pass Thru' function allowing the server to be used as a proxy. This could be exploited by malicious parties to obfuscate their identities and bypass network access controls and firewalls.
A JavaScript denial-of-service vulnerability exists in various web browsers, including Mozilla Firefox, Microsoft Internet Explorer, and Opera. The specified JavaScript code will consume 100% of the CPU resources of the affected computer, crashing the browser.
An HTML injection vulnerability is reported in Sympa. The problem occurs due to a failure of the application to properly sanitize user-supplied input data. Unsuspecting users viewing the affected page will have attacker-supplied malicious code interpreted by their browser in the security context of the website hosting Sympa. Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.
Ipswitch IMail is reported to use a weak encryption algorithm when obfuscating saved passwords. A local attacker who has the ability to read the encrypted passwords may easily derive the plaintext password if the username that is associated with the password is known. A local attacker may exploit this weakness to disclose user credentials.
Clearswift MIMEsweeper For Web is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. To carry out an attack, an attacker may specify a relative path to a target file in a GET request to the vulnerable server. Directory traversal character sequences may be supplied as part of the request to escape the web root.
A vulnerability has been reported in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. This vulnerability could be exploited from a malicious web page or HTML email, and could result in loss or compromise of various security properties.
Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to replace libraries required by setuid root applications with arbitrary code. This issue would allow an Oracle software owner to execute code as the superuser, taking control of the entire system.