Novell Directory Services is a hierarchical, object oriented database that represents all the assets in an organization in a logical tree. Assets can include people, positions, servers, workstations, applications, printers, services, groups, etc. The use of dynamic rights inheritance and equivalence allows both global and fine grained access controls to be implemented efficiently. Access rights between objects in the tree are determined at the time of the request and is determined by the rights assigned to the objects by virtue of their location in the tree, any security equivalences and individual assignment. Proof of concept DoS code was provided which exploited the vulnerability.
This exploit is a Cross-site Scripting (XSS) vulnerability in the dhost/modules of example.com. The vulnerability allows an attacker to inject malicious JavaScript code into the web page, which is then executed in the browser of the victim. The malicious code can be used to steal sensitive information, such as session cookies, or to redirect the user to a malicious website.
XM Easy Personal FTP Server 5.8 is vulnerable to a remote denial of service attack. An attacker can send a maliciously crafted 'nlst' command with an overly long string to the FTP server, causing the server to crash.
The ssl3_read_bytes() function in s3_pkt.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TLS handshake, related to a 'Triple Handshake' attack.
Mozilla Network Security Services (NSS) is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. The NSS library is used by a number of applications, including Mozilla Firefox, Thunderbird, and SeaMonkey. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
EmpireCMS47 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'name', 'email', 'call', 'lytext' and 'enews' parameters of the 'index.php' script. An attacker can send a specially crafted HTTP request with malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in application's database.
This module exploits an integer overflow flaw in the Microsoft Windows Embedded OpenType font parsing code located in win32k.sys. Since the kernel itself parses embedded web fonts, it is possible to trigger a BSoD from a normal web page when viewed with Internet Explorer.
A remote SQL injection vulnerability exists in Joomla Component com_soundset. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to gain access to sensitive information stored in the database.
A remote SQL injection vulnerability exists in Joomla Component com_cbresumebuilder. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
A malformed bind LDAP packet can make dhost.exe service crashing.
Services By CQR