When multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web. It has been reported that HP Procurve Switches are vulnerable to a denial of service attack, when used in a 'stack' configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command.
It has been reported that the Compaq Insight Manager web interface is prone to cross-site scripting attacks. It is possible to construct a malicious link to a Compaq Insight Manager web interface that includes arbitrary script code. When the link is visited with a web client, the script code will execute in the context of the Compaq Insight Manager web interface.
It is possible for an attacker to specify a remote location for phpWebsite to download an attacker-supplied htmlheader.php script. This issue could be exploited to execute arbitrary commands within the context of the webserver process.
A vulnerability has been reported for Trillian. Reportedly, Trillian is prone to a buffer overflow condition when it receives blocks of data that are larger than 4095 bytes. A malicious server may exploit this condition to cause a denial of service in the client. This may also potentially be exploited to execute arbitrary code, though this possibility has not been confirmed.
A vulnerability has been reported for Trillian. Reportedly, Trillian is prone to a denial of service condition when certain it receives messages about a user leaving a non-specified channel or a channel that the user is not currently in. It is possible to exploit this issue via a malicious server.
JAWMail is vulnerable to HTML injection attacks due to insufficient filtering of malicious HTML code from emails. When a user opens an email in JAWMail that contains malicious HTML code, the code contained in the mail would be executed in the browser of the mail user. An example of malicious HTML code is the code shown above, which would cause an alert box to appear when the user hovers over the word 'bolder'.
Mac OS X is vulnerable to command injection due to improper handling of some links. A user clicking on a link containing special characters and embedded commands could cause the execution of the commands in the link to be carried out in a terminal.app window. These commands would be executed in the security context of the user.
A vulnerability has been discovered in Alsaplayer. By specifying an overly long "add-on path", it is possible for an attacker to overrun the buffer, potentially allowing for execution of attacker-supplied code.
The Trillian IRC module does not sufficiently check bounds on JOIN commands. A malicious IRC server may potentially exploit this condition to cause a denial of service or execute arbitrary code with the privileges of the client.
Multiple cross site scripting vulnerabilities have been discovered in various PHP scripts included with SquirrelMail. By including embedded commands into a malicious link, it is possible for an attacker to execute HTML and script code on a web client in the context of the site hosting the webmail system.
Services By CQR