It is possible for local users to cause man to cache files in the system cache directory from outside of the configured manual page hierarchy search path. Combined with the behaviours of 'man' and 'mandb' or any other utilities which trust cache filenames, it may be possible to use this vulnerability to elevate privileges.
An attacker can compose a message in WebBoard's interactive messaging (paging) function, containing certain escape characters and JavaScript commands, and send the page to a target user. Upon receiving the message, the target client will improperly execute the JavaScript embedded in the page, which could result in the appearance of multiple message windows.
It is possible to view the source code of arbitrary scripts on the WebTrends Live webserver. This is accomplished by crafting a URL with an encoded space after the filename of the script.
Acme.Serve 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet. If an attacker were to connect, they could view possibly sensitive information, such as '/etc/shadow', by connecting to http://potentialvictim:9090//etc/shadow.
Interscan Viruswall is a virus scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurrences in both incoming and outgoing traffic via SMTP, FTP, and HTTP at the gateway of the network. The management interface used with the Interscan Viruswall uses several programs in a cgi directory that may allow a remote attacker to make configuration changes using maliciously-constructed querystrings submitted to the host.
Olicom routers provide a low-cost routing solution for small businesses. A problem with Olicom routers could allow unauthorized access to certain configuration variables within the device. The ILMI SNMP Community string allows read and write access to certain configuration parameters such as the organization to which the router belongs. These parameters do not affect normal operation, but could be used further in a social engineering attack. This problem makes it possible for a remote user to launch a social engineering attack, potentially gaining unauthorized access to the device.
eSafe Gateway is a security utility used for filtering internet content. An HTML file may be crafted to bypass the script-filtering feature offered by eSafe Gateway. This is done by simply encoding the <SCRIPT> tag in Unicode format, such that the filter ignores the call to execute the script.
eSafe Gateway is a security utility used for filtering internet content. It is possible to craft an HTML file that slips through eSafe Gateway's script filtering feature. eSafe Gateway will ignore scripting commands that are embedded in any HTML tags that allow it. This causes eSafe Gateway to generate filtered HTML that still includes potentially dangerous scripting functions.
It is possible for attackers to create an encrypted document that will exploit a format string vulnerability in the GnuPG client when the document is decrypted. This vulnerability may lead to remote attackers gaining access to client hosts.
Eudora is an email program for the Windows platform. Eudora contains a vulnerability which may make it possible for an attacker to execute arbitrary code on a remote system even if 'allow executables in HTML content' is disabled, if the 'Use Microsoft viewer' option is enabled. The attack can be carried out if the recipient of a maliciously crafted email 'submits' a form in the message.