
Explore Vulnerabilities


Explore all Exploits:

Design Error in SmartServer3

An authenticated user can view other users' login information and possibly gain access to passwords. The configuration file dialsrv.ini, which contains user login information including encrypted passwords, is accessible to all Windows authenticated users. The weak encryption scheme used by SmartServer3 can be easily broken using a third-party utility.

top format-string vulnerability

The top program contains a format-string vulnerability that may lead to a compromise of the effective group ID kmem on BSD systems (or similar privileges on other systems). The problem occurs when error messages are printed to a user's terminal: a string partially composed of user input (the error message) is passed to a printf() function as the format string argument, allowing malicious format specifiers in user input to corrupt stack variables and execute arbitrary code. If a malicious user gains egid kmem, vital information can be read from kernel memory, which may lead to a further elevation of privileges (most certainly to root eventually).

Xeams Email Server XSS Vulnerability

The Xeams Email Server version 4.4 Build 5720 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious scripts into the body of an email, which will be executed when the recipient views the email. This can lead to unauthorized access, data theft, or further attacks on the victim's system.

T-dah Webmail Client XSS Vulnerability

The T-dah Webmail Client version 3.2.0-2.3 is vulnerable to XSS attacks. An attacker can inject malicious scripts into the body of an email, which will be executed when the email is viewed by the victim. This can lead to session hijacking, defacement of the webmail interface, and stealing of sensitive information.

AfterLogic Mailsuite Pro XSS Vulnerability

This exploit allows an attacker to inject malicious scripts into the body of an email sent using AfterLogic Mailsuite Pro. The payload can be used to execute arbitrary JavaScript code in the victim's browser.

Inout Mobile Webmail APP – Multiple Web Vulnerabilities

The bugs allow remote attackers to inject malicious script code on the application side (persistent). Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or persistent context manipulation. Exploitation requires low user interaction and a privileged user account. The persistent validation vulnerabilities are located in the new mail and contacts modules, in the bound values to, bcc and cc. The bug can be exploited by remote attackers: the attacker sends a malicious mail with script code in the vulnerable values as content. The admin or customer views the arriving mail, which carries the persistent script code in the To or Bcc inputs. The code is executed (persistent) when the user, customer, or admin checks his mail. A privileged user account can also use the bug to store the code persistently for exploitation of a higher-privileged user account.

Recent Exploits: