KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue allows attackers to embed arbitrary FTP server commands in malicious URIs, leading to the execution of these commands on remote servers. Attackers can exploit this vulnerability to download malicious files to the victim's computer or send email to arbitrary addresses without user interaction.
Microsoft Internet Explorer is prone to an arbitrary FTP server command-execution vulnerability. Attackers can embed arbitrary FTP server commands in malicious URIs. When a victim follows such a URI, the browser connects to the attacker-specified FTP server and sends the malicious commands. This can result in the download of malicious files to the victim's computer without their knowledge. The vulnerability can also be leveraged to send email to arbitrary addresses without user interaction.
The affected browsers crash due to a NULL pointer dereference when a JavaScript function tries to print an IFRAME embedded in the page.
paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message.
A cross-site scripting vulnerability exists in Advanced Guestbook due to a failure in properly sanitizing user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code. When a victim user follows the link, the code will be executed in their web browser, potentially allowing for theft of authentication credentials or other attacks.
The vulnerability allows an attacker to access arbitrary files on the server by manipulating the 'file' parameter in the URL. By including '../' sequences, an attacker can traverse directories and access sensitive files such as the password file (/etc/passwd).
rssh is prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer. The vulnerability can be exploited using the following commands:
1. ssh restricteduser@remotehost 'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp'
2. scp command.sh restricteduser@remotehost:/tmp/command.sh
3. ssh restricteduser@remotehost 'scp -S /tmp/command.sh localhost:/dev/null /tmp'
scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer.
JanaServer 2, a commercially available proxy server for Windows, is vulnerable to multiple denial of service attacks. The vulnerabilities occur due to the application's inability to handle malformed network communications. The first vulnerability occurs when the application receives malformed HTTP requests, while the second vulnerability occurs when it processes malformed RealPlayer streaming data. An attacker can exploit these vulnerabilities to cause the proxy server to hang, resulting in a denial of service for legitimate users.
IPCop is susceptible to an HTML injection vulnerability in its proxy log viewer. This allows remote attackers to inject malicious HTML or script code, which is displayed to administrative users and executed in the context of the affected web application. Attackers may be able to execute administrative actions on behalf of the administrator and perform theft of authentication credentials and other attacks.