IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users. WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable. The following string is sufficient to trigger this issue: ?abc?
Multiple CA Service Management products are prone to a command injection vulnerability due to insufficient access restrictions. An attacker can leverage this vulnerability to execute arbitrary commands by submitting a malicious command through netcat or telnet.
Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, or perform unauthorized actions as another user; other attacks may also be possible.
Google Chrome is prone to an information-disclosure vulnerability because it fails to adequately validate server-issued instructions while in PASV (passive) mode. Attackers can exploit this issue to port-scan networks inside a victim computer's firewall. Information harvested may aid in further attacks.
SolucionXpressPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
aMSN is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.ctt' file. Successfully exploiting this issue will cause the application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.
KDE Konqueror is prone to multiple cross-site scripting vulnerabilities and multiple denial-of-service vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or cause the affected browser to crash.
Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library. Remote attackers can exploit this issue to crash the affected browser, denial-of-service condition. Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different platforms may also be affected. Note (December 20, 2010): Safari on iOS 4.0.1 is also vulnerable.
Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library. Remote attackers can exploit this issue to crash the affected browser, resulting in a denial-of-service condition. Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different platforms may also be affected. Note (December 20, 2010): Safari on iOS 4.0.1 is also vulnerable. A proof-of-concept exploit is available that uses a malicious HTML file to trigger the vulnerability.
Openfire is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.