A cross-site scripting problem has been reported in NetWin DBabble. This could make it possible for an attacker to potentially execute code in the security context of a site using the vulnerable software. This could be exploited by enticing a user to follow a malicious link to a site hosting the software.
A buffer overrun has been discovered in the Yahoo! Webcam ActiveX control. The problem occurs due to insufficient bounds checking when handling user-supplied Webcam parameters. As a result, an attacker may be capable of hosting a malicious website designed to exploit this issue to execute arbitrary code, within the context of a victim users web browser.
Liquid War has been reported prone to a buffer overflow condition when handling HOME environment variables of excessive length. The issue presents itself, due to a lack of sufficient boundary checks performed on data contained in the HOME environment variable before it is copied into a reserved buffer in stack based memory. It has been reported that a local attacker may exploit this condition to execute arbitrary instructions with GID Games privileges.
It has been reported that ChatZilla is prone to a denial of service vulnerability. The problem arises as a remote attacker posing as an IRC server sends specially crafted requests to the client containing large strings. If successful, an attack would lead to a denial of service in the client software.
Nokia Electronic Documentation (NED) has been reported prone to a cross-site scripting vulnerability. The issue has been conjectured to present itself due to a lack of sufficient sanitization performed on user supplied data. A remote attacker may exploit this issue by enticing a target user to follow a malicious link to the affected Nokia Electronic Documentation site, which contains embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed.
A vulnerability has been discovered in Nokia Electronic Documentation (NED) that may allow an attacker to redirect connections to a third party system. The problem likely occurs due to the NED server failing to sufficiently verify hosts provided within specific HTTP requests. As a result, an attacker may be capable of making a request that would cause data to be redirected to a third party system. This may allow an attacker to interact with an otherwise inaccessible system, or potentially hide the origin of attacks launched against other targets.
Nokia Electronic Documentation (NED) is prone to a vulnerability that may enable remote attackers to list directory contents. This issue may be exploited by appending a dot (.) to a request for a NED page. Exploitation will also have the side-effect of disclosing the path to the directory.
It has been reported that Alt-N MDaemon server is prone to an SMTP HELO command argument buffer overflow vulnerability. The issue presents itself likely due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. It has been reported that a remote attacker may exploit this condition to trigger a denial of service in the affected daemon.
It has been reported that Ipswitch IMail server is prone to an SMTP HELO command argument buffer overflow vulnerability. The issue presents itself likely due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. It has been reported that a remote attacker may exploit this condition to trigger a denial of service in the affected daemon.
It has been reported that WebForums and File-Sharing for NET are prone to a remote directory traversal attack due to insufficient sanitization of user-supplied data. This vulnerability could allow a remote attacker to traverse outside the server root directory by using '/../' character sequences. Successful exploitation of this issue could allow a remote attacker to gain access to sensitive information.
Services By CQR