LinuxStat is prone to a directory traversal vulnerability. An attacker can supply '../' directory traversal sequences in the affected URI argument, causing potentially sensitive files readable by the web server to be included in the output of the requested page. This can lead to information disclosure and further attacks.
MoniWiki is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code. When a victim user follows this link, the code may be executed in their browser, potentially allowing the attacker to steal authentication credentials or launch other attacks.
The OpenWFE application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. This can be exploited by an attacker to steal authentication credentials and execute malicious code in a user's browser. OpenWFE is also affected by a connection proxy vulnerability, allowing anonymous scanning of network computers.
The Netbilling 'nbmember.cgi' script is prone to an information disclosure vulnerability. This vulnerability can be exploited by remote attackers to gain access to user authentication credentials and potentially sensitive configuration information.
This exploit targets the getgrnam() function overflow vulnerability in Solaris 2.5/2.5.1 (SPARC). The default offset should work. The exploit code is provided in the form of shellcode. The author of this exploit is Pablo Sor from Buenos Aires, Argentina. The contact email address is psor@afip.gov.ar.
The vulnerability exists due to a lack of sufficient sanitization performed on WAV file header values before they are processed. An attacker can exploit this vulnerability to cause the Windows Explorer process to consume CPU resources, resulting in a denial of service condition.
The UBBCentral UBB.threads application is prone to an SQL injection vulnerability due to a failure in validating user-supplied URI input. A malicious user can exploit this vulnerability to manipulate database queries and potentially access or modify sensitive information.
A remote attacker can exploit this vulnerability to influence or misrepresent web content.
This exploit takes advantage of an integer underflow vulnerability in the iptables logging rules of the Linux kernel 2.6 branch. A remote attacker can use this vulnerability to crash a computer running the affected kernel. The 2.6 Linux kernel is reported to be prone to this vulnerability, while the 2.4 kernel is not vulnerable.
The vulnerability exists in the mod_include module of Apache 1.3.x. It occurs when the module attempts to parse mod_include-specific tag values and fails to properly validate the lengths of user-supplied tag strings before copying them into finite buffers, allowing for a buffer overflow. A local attacker can exploit this vulnerability to execute arbitrary code on the affected computer with the privileges of the affected Apache server.