Emumail, an open source web mail application, may reveal sensitive configuration information under certain conditions. When unexpected characters are inserted into certain fields in web mail forms, the form generates an error. The error page returned may contain the directory to the web root on the Emumail server.
This module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.
Variables $mosConfig_absolute_path are not properly sanitized, allowing an attacker to inject a simple PHP script and gain system access. The vulnerability can be exploited when register_globals=on and allow_fopenurl=on.
Plib is prone to stack based Buffer overflow in the error function in ssg/ssgParser.cxx when it loads 3d model files as X (Direct x), ASC, ASE, ATG, and OFF. This exploit uses flightgear's utility 3dconvert. It creates a corrupted ASE file "test.ase", just run: FlightGearbinWin323dconvert.exe test.ase test.obj
The INCLUDEPICTURE Field Code in Microsoft Word allows for the insertion of arbitrary URLs into a document. This functionality can be abused by an attacker to obtain the contents of files on the victim user's system. By including the URL in the field code and referencing files on the victim's system, the attacker can potentially access sensitive information. This vulnerability can be particularly dangerous in situations where documents are constantly being shared and updated.
A buffer overflow has been discovered in Trillian version .73 and .74. When processing a PRIVMSG command with an overly large sender name, a buffer overflow will occur resulting in memory corruption and a denial of service. Although not yet confirmed, because memory can be overwritten, it may be possible for arbitrary attacker-supplied code to be executed with the privileges of the client.
The Web Help Desk software by SolarWinds is affected by a stored cross-site scripting (XSS) vulnerability. The vulnerability can be exploited by submitting a malicious payload in the Subject and Request Details fields of the client web ticket submit system. Additionally, tickets created automatically via email can also trigger the XSS when viewed. The vulnerability allows an attacker to execute arbitrary script code in the context of the user's browser, potentially leading to session hijacking or the theft of sensitive information.
Microsoft Windows Internet Explorer 6.0 SP1 introduced restrictions for certain URI handlers (such as file:// and res://). It has been demonstrated in the past that these URI handlers could be abused and incorporated into different types of attacks against users of the browser, such as cross-protocol scripting attacks or attacks which access local resources.As a safety measure, Service Pack 1 addressed this issue by restricting the client from accessing any of the dangerous URI handlers from the Internet Zone.However, it is possible to circumvent these restrictions by employing a HTTP redirect to a page which contains one of the restricted URIs.It is still possible to open any file:// or res:// file automatically with:<object type="text/html" data="redirect.asp"></object>where redirect.asp makes a HTTP redirect using this HTTP header:Location: file://c:/test.txt
This exploit causes the Opera 9 IRC client to crash, resulting in a denial of service. The exploit is in the form of a string of characters that is sent to the client, causing it to become unresponsive and crash.
A buffer overflow has been discovered in the _XKB_CHARSET library in Tru64 Unix. This vulnerability allows a local user to execute arbitrary instructions, potentially leading to the execution of attacker-supplied code and elevated privileges.
Services By CQR