Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server. An attacker can exploit this vulnerability by manipulating the 'cfolder' URI parameter to the browse.asp script and sending a link to a victim user. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visits the malicious link.
When Internet Explorer FTP is used in 'Classic Mode', malicious script code can be executed in the security zone of another FTP site. The script code will be executed with the permissions of the user running Internet Explorer.
It has been reported that Unicenter Asset Manager stores password information in a way that may be easily recovered. Because of this, an attacker may be able to gain access to potentially sensitive resources.
Microsoft Internet Explorer is prone to a boundary condition error when handling OBJECT tags in web pages. When a vulnerable client encounters a web page containing an OBJECT tag that uses a parameter containing excessive data, an internal memory buffer will be overrun. This could cause Internet Explorer to fail or potentially result in the execution of arbitrary code in the security context of the current user.
Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visits the malicious link.
MegaBrowser is prone to a file disclosure vulnerability through directory traversal. Attackers can use directory traversal sequences to break out of the web root directory and gain access to files that are readable by the web server.
It has been reported that Pablo FTP Service stores FTP user account passwords in plaintext format. As a result, these credentials could be exposed to other users. It should be noted that while this weakness has been reported to affect Pablo FTP Service version 1.2, other versions might also be affected.
It has been reported that Pablo FTP Service does not sufficiently restrict the anonymous user account, which is active by default. Because of this, a default configuration may provide a conduit for the disclosure of potentially sensitive information. An attacker may exploit this vulnerability to access arbitrary files on the underlying system and potentially disclose sensitive information.
A buffer overflow vulnerability has been reported for the kon2 utility shipped with various Linux distributions. Exploitation of this vulnerability may result in a local attacker obtaining elevated privileges on a vulnerable system. The vulnerability exists due to insufficient bounds checking performed on some command-line options passed to the vulnerable utility.
Pi3Web is prone to a buffer overflow vulnerability due to insufficient bounds checking of URI parameters. This could be exploited to cause a denial of service or possibly to execute malicious instructions.