A problem in the handling of specially crafted UUEncoded messages in ClamAV allows an attacker to prevent the delivery of e-mail to users.
Vulnerabilities in PHPX allow attackers to perform cross-site scripting attacks, inject HTML code, and hijack user accounts using specially crafted cookies. An attacker can exploit these vulnerabilities by sending malicious requests to the affected PHPX server.
X-Cart is prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of the application to sanitize values specified by parameters in the URI.
A vulnerability has been reported in the Crob FTP server, caused by a lack of validation of user input. By issuing a malformed request, a malicious user may be able to force the server to crash, denying service to legitimate users.
The RhinoSoft Serv-U FTP Server is prone to a buffer overflow vulnerability. This vulnerability occurs when a 'site chmod' command is issued on a non-existent file with an excessively long filename. This can result in an internal buffer overrun, causing the FTP server to fail and potentially allowing for the execution of arbitrary code.
The McAfee ePolicy Orchestrator agent has a buffer management vulnerability that can be exploited to crash the affected agent and potentially trigger a buffer overflow. The vulnerability exists due to insufficient sanitization of certain values in HTTP POST headers processed by the ePolicy Orchestrator.
This is a 0day exploit targeting a heap overflow vulnerability in Internet Explorer's COM object. It allows an attacker to execute arbitrary code and to download and execute a file on the victim's machine. The exploit is written in C and uses shellcode to achieve code execution.
Multiple vulnerabilities in Banana Dance allow an attacker to gain access to sensitive information, perform SQL injection attacks, and compromise the vulnerable system. The PHP File Inclusion vulnerability (CVE-2012-5242) allows arbitrary file inclusion because input passed via the 'name' POST parameter in '/functions/ajax.php' is improperly verified. The Improper Access Control vulnerability (CVE-2012-5243) allows unauthenticated users to access the '/functions/suggest.php' script and read arbitrary information from the database.
The YeaLink IP Phone SIP-TxxP firmware version 9.70.0.100 and lower is affected by multiple vulnerabilities. The first allows an unprivileged user to enable Telnet on the phone by posting directly to the ConfigManApp.com page; the default user 'user' with password 'user' can exploit it. A CSRF attack can also enable Telnet on the phone. The second vulnerability is the presence of default Telnet shell users with hardcoded usernames and passwords in the firmware. After Telnet is enabled, shell access can go unnoticed.
This vulnerability allows an attacker to upload an ASP shell file to the SelectSurvey CMS (ASP.NET) application, which can lead to remote code execution.