
Explore Vulnerabilities


Explore all Exploits:

Nagios Remote Command-Injection Vulnerability

Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. For an exploit to succeed, access to the WAP interface's ping feature must be allowed.

Microsoft Internet Explorer Security-Bypass Vulnerability

Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly enforce restrictions on script behavior. An attacker may exploit this issue to bypass restrictions on the execution of JavaScript code. This may aid in further attacks. Examples of the exploit include using the STYLE, IMG, BODY, LINK, META, IFRAME, DIV, A, OBJECT, SCRIPT, VIDEO, LAYER, EMBED, and APPLET tags.

LibTIFF Remote Buffer-Underflow Vulnerability

LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

DirectAdmin Cross-Site Scripting Vulnerability

DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner

Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically. Successfully exploiting this issue may allow attackers to bypass Mail's call-approval dialog and place a call automatically from a vulnerable device. An attacker can exploit this issue by creating a malicious HTML page containing specially crafted JavaScript code.

Irssi Off-by-One Heap-Based Memory Corruption Vulnerability

Irssi is prone to an off-by-one, heap-based, memory-corruption vulnerability because it fails to properly bounds-check user-supplied data before copying it into a memory buffer. Attackers can exploit this issue to crash the vulnerable client, resulting in a denial-of-service condition. Given the nature of this issue, attackers may also be able to run arbitrary code within the context of the vulnerable application, but this has not been confirmed.

Mozilla Firefox and SeaMonkey URI-spoofing Vulnerability

Mozilla Firefox and SeaMonkey are affected by a URI-spoofing vulnerability because they fail to adequately handle user-supplied data. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.

Recent Exploits: