PBLang is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code encapsulated in PBLang tags when posting to the bulletin board. Attacker-supplied code may be rendered in the web browser of a user who views these areas of the site. This would occur in the security context of the site hosting PBLang.
It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but appears to have resurfaced. An attacker can exploit this vulnerability by crafting a malicious HTML email containing malicious JavaScript code in the 'dynsrc' attribute of an 'img' tag and malicious HTML code in a 'font' tag. When the email is viewed, the malicious code will be executed in the context of the user's browser.
The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and script code in certain fields within the form. This code may be rendered in the web browser of a user who views the site.
Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack. Any local or remote user who can authenticate and is part of the Everyone Group may trigger a denial of service condition in an affected SQL Server. It has been reported that, if a remote attacker sends an unusually large request to a named pipe, the SQL Server will become unresponsive.
e107 Website System 'db.php' has been reported prone to an information disclosure vulnerability. A remote attacker may exploit this vulnerability to invoke the dump_sql routine without prior authentication. Information returned to the attacker may be of a sensitive nature.
It has been reported that a script contained in paFileDB does not properly verify user credentials before accepting files for upload. As a result, remote attackers may be able to upload files to the Web server. After a file has been uploaded, it may be possible for the attacker to execute the file remotely.
PHP-Gastebuch has been reported prone to multiple information disclosure vulnerabilities. The issue presents itself because the affected software fails to sufficiently control access to sensitive files contained in the PHP-Gastebuch installation. It has been reported that an attacker may make a request for several sensitive PHP-Gastebuch files, and in doing so reveal potentially sensitive information including administrative MD5 password hashes.
xfstt is reported to be prone to an unspecified memory disclosure vulnerability. This issue can be triggered by remote attackers to cause a denial of service. The server may also return details about the memory layout of the underlying system when this issue is triggered.
The Opera M2 Mail Client is vulnerable to a policy circumvention issue that could allow information to be disclosed to a remote attacker. It is possible for an attacker to bypass the option to suppress the viewing of external embeds. This could allow the attacker to learn the IP address of a vulnerable user and to determine if an e-mail address is valid.
A problem has been reported in the way the Xavi X7028r DSL router handles requests of excessive length sent to the service on port 280. This may allow an attacker to crash a vulnerable router. An attacker can exploit this vulnerability by sending a crafted request of excessive length to the service on port 280.