SmartMail Server is reported to be prone to a denial of service when a client sends data and then closes the connection unexpectedly. SmartMail Server must be restarted to regain normal functionality.
The Cisco AS5350 Universal Gateway is reported to be prone to a denial of service condition. It is possible to cause this condition by portscanning a vulnerable device. This issue was reported for Cisco AS5350 devices running Cisco IOS release 12.2(11)T. Other firmware and devices may also be affected.
Dobermann Forum is prone to a remote file inclusion vulnerability which allows an attacker to include arbitrary files located on remote servers. This vulnerability is present in several PHP script files provided with Dobermann. An attacker can exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter.
A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver-readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash (../) directory traversal sequences. The request must be for a known resource, and the file request must be followed by a null byte (%00).
A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking on some POP server commands. An attacker can exploit this vulnerability by submitting a very large integer value to some commands on the POP server. This will cause the MDaemon service to crash when attempting to process the command.
A problem in SolarWinds TFTP Server may result in a denial of service. Under some circumstances, it may be possible to crash a vulnerable TFTP server by sending it a UDP packet of 8193 or more bytes. Doing this consistently reproduces a crash of the server, requiring a manual restart to resume normal operation.
Mojo Mail does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Mojo Mail. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.
MyMarket is prone to cross-site scripting attacks. HTML tags and script code are not sanitized from CGI variables, which may cause user-supplied input to be displayed. As a result, an attacker can create a link to a site running the vulnerable software which contains malicious attacker-supplied HTML and script code. When this link is visited, the attacker-supplied code will execute in the user's web client in the security context of the site hosting the software.
It has been reported that an unauthorized attacker can gain administrative access to gBook by passing a malicious request to a PHP script. Exploiting this issue could allow unauthorized attackers to execute arbitrary administrative actions against the target guestbook, such as corrupting valid user-supplied entries.
AOL Instant Messenger (AIM) is prone to an issue which may allow attackers to execute arbitrary files on the client system. It is possible to send a malicious link which references local files to a user of the client. When the link is visited, the referenced file on the client's local filesystem will be executed. To exploit this issue, the attacker must know the exact location of the file to be executed. Additionally, there can be no spaces in the path or filename. This limits exploitability, since files must be on the same partition and command line arguments cannot be supplied.