Multiple remote vulnerabilities are reported to exist in WebCalendar: multiple cross-site scripting vulnerabilities, an HTTP response splitting vulnerability, and two authentication bypass vulnerabilities, affecting many different scripts in the application.
The vulnerabilities in the image handling functionality through the <IMG> tag can allow remote attackers to determine the existence of local files, cause a denial of service condition, and disclose passwords for Windows systems via file shares.
Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because, when handling 'res://' requests for local resources, Internet Explorer's behavior may reveal the existence of local files. An attacker may employ information that is harvested in this manner to aid in further attacks that are launched against a target computer.
602 LAN SUITE is prone to multiple remote denial of service vulnerabilities. The first vulnerability allows an attacker to consume CPU and memory resources on a target server due to a lack of sanity checking before memory allocation. The second vulnerability is in the handling of telnet proxy requests: the proxy does not perform sufficient sanity checks on the destination IP, allowing a remote attacker to exhaust all available sockets on the target computer.
ScanMail for Domino is prone to a vulnerability that may allow sensitive configuration files to be disclosed to remote attackers. A successful attack may allow an attacker to disclose sensitive information and disable antivirus protection on a gateway, allowing potentially malicious email messages to reach internal users. This issue may result in a malicious code infection.
Lithtech game engine is prone to multiple remote format-string vulnerabilities because of incorrect usage of 'printf()'-type functions. Format specifiers can be supplied directly to vulnerable functions from external data. A denial-of-service condition arises when a vulnerable server handles a malformed request. Exploiting these issues may also allow an attacker to write to arbitrary process memory and potentially execute code. Any code executed through this vulnerability could potentially run with the privileges of the server.
The TIPS MailPost application is affected by a remote file enumeration vulnerability. This vulnerability arises due to the application's failure to properly sanitize user requests. An attacker can exploit this vulnerability to gain knowledge of the existence of files outside the Web root directory. By accessing the URL 'http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com', an attacker can enumerate the contents of the 'winnt/system.ini' file, which can then be used to facilitate further attacks.
The vulnerability in MailPost allows an attacker to execute arbitrary HTML and script code in a user's browser through a malicious error message. This can lead to the theft of cookie-based authentication credentials or other attacks.
The MailPost application is prone to a cross-site scripting vulnerability. This allows an attacker to execute arbitrary HTML and script code in a user's browser by injecting malicious code through insufficiently sanitized user-supplied data. The vulnerability can be exploited to steal cookie-based authentication credentials or launch other attacks.
Klinza Professional CMS version 5.0.1 is prone to a remote file inclusion vulnerability in the show_hlp.php file. An attacker can exploit this vulnerability to include a remote file and execute arbitrary code on the target system.