The Web Help Desk software by SolarWinds is affected by a stored cross-site scripting (XSS) vulnerability. The vulnerability can be exploited by submitting a malicious payload in the Subject and Request Details fields of the client web ticket submit system. Additionally, tickets created automatically via email can also trigger the XSS when viewed. The vulnerability allows an attacker to execute arbitrary script code in the context of the user's browser, potentially leading to session hijacking or the theft of sensitive information.
Microsoft Windows Internet Explorer 6.0 SP1 introduced restrictions for certain URI handlers (such as file:// and res://). It has been demonstrated in the past that these URI handlers could be abused and incorporated into different types of attacks against users of the browser, such as cross-protocol scripting attacks or attacks which access local resources.As a safety measure, Service Pack 1 addressed this issue by restricting the client from accessing any of the dangerous URI handlers from the Internet Zone.However, it is possible to circumvent these restrictions by employing a HTTP redirect to a page which contains one of the restricted URIs.It is still possible to open any file:// or res:// file automatically with:<object type="text/html" data="redirect.asp"></object>where redirect.asp makes a HTTP redirect using this HTTP header:Location: file://c:/test.txt
This exploit causes the Opera 9 IRC client to crash, resulting in a denial of service. The exploit is in the form of a string of characters that is sent to the client, causing it to become unresponsive and crash.
A buffer overflow has been discovered in the _XKB_CHARSET library in Tru64 Unix. This vulnerability allows a local user to execute arbitrary instructions, potentially leading to the execution of attacker-supplied code and elevated privileges.
Cisco VPN 3000 series concentrators are prone to a denial of service condition when receiving an overly long username string during authentication from a VPN client.Successful exploitation will cause the device to reload.
A flaw in Microsoft Internet Explorer may reveal the entire contents of XML files and partial contents of other files to attackers. This vulnerability allows an attacker to read the entire contents of XML files, and fragments of other files, existing in a known location, from a victim user's system. This vulnerability can be exploited via a malicious webpage or via malicious HTML e-mail. Other applications that use the Internet Explorer engine are affected as well (Outlook, MSN Explorer, etc.).
The vulnerability allows an attacker to include arbitrary files from the server. By manipulating the 'wb_class_dir' parameter, an attacker can include a shell script and execute arbitrary commands on the server.
JPEGsnoop is a detailed JPEG image decoder and analysis tool. It reports all image metadata and can even help identify if an image has been edited.
The exploit allows an attacker to execute arbitrary code on a remote system by exploiting a SEH overflow vulnerability in NCMedia Sound Editor Pro v7.5.1. By placing a specially crafted .dat file in the correct directory and opening it within the application, an attacker can trigger the vulnerability and gain control of the system. This exploit is based on a semi-universal ROP chain that utilizes the MSVCR70.dll library included with the software.
The Inso DynaWeb webserver dwhttpd is prone to a remotely exploitable format-string vulnerability that occurs when logging requests for files that do not exist. Exploits may allow attacker-supplied code supplied to run with the privileges of the dwhttpd. Note that a vulnerability described in Bugtraq ID 5583 allows for unauthenticated remote attackers to view the logfile. Attackers may exploit that vulnerability to more easily exploit this issue successfully and automatically.
Services By CQR