The XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. Attackers can execute arbitrary script code in the browser of an unsuspecting user by enticing them to follow a malicious link. This can lead to the theft of cookie-based authentication credentials and other attacks. The impact of this issue depends on the context of the dynamic web site developed with the XOOPS software and the XOOPS dictionary module.
DMS is susceptible to a directory traversal vulnerability. The issue occurs when requesting files outside the webroot of the application using hex-encoded directory traversal character sequences to create a relative path to the target file. This vulnerability allows a remote attacker to retrieve potentially sensitive files, potentially aiding them in further system compromise.
RealVNC server is reported prone to a remote denial of service vulnerability. This issue presents itself when an attacker establishes a large amount connections to the server. The exploit code provided in the text is a simple program that creates multiple socket connections to the target server, causing it to become unresponsive or crash.
The Regmon application fails to handle exceptional conditions and references unvalidated pointers to kernel functions, allowing a local unauthorized attacker to cause a denial of service condition in the application. The attacker may then obfuscate changes to the registry from the administrator and carry out further attacks against a vulnerable computer.
The PHP Code Snippet Library is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities exist due to a lack of proper sanitization of user-supplied URI input. An attacker can exploit these vulnerabilities by creating a malicious URI link that includes hostile HTML and script code. When a victim user follows this link, the malicious code may be executed in the context of the affected website, potentially leading to the theft of authentication credentials or other attacks.
This exploit allows for PHP code execution and creation of admin credentials in Blog Pixel Motion V2.1.1. The vulnerability includes a PHP function that can be exploited to execute arbitrary code and bypass security measures.
WebAPP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input data. An attacker can exploit this vulnerability to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the webserver. In this case, the attacker could retrieve DES-encrypted password hashes for all users of the application, aiding them in further attacks.
An attacker can use an IFRAME that is accessible within the same domain and change its URI to the location of a file or directory. The attacker can then determine the existence of the resource by the error message returned by Internet Explorer. This weakness can then allow the attacker to carry out other attacks against a vulnerable computer.
GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames.An attacker might leverage this issue to execute arbitrary shell commands with the privileges of an unsuspecting user running the vulnerable application.Although this issue reportedly affects only a2ps version 4.13, other versions are likely affected as well.$ touch 'x`echo >&2 42`.c'$ a2ps -o /dev/null *.c42[x`echo >&2 42`.c (C): 0 pages on 0 sheets][Total: 0 pages on 0 sheets] saved into the file `/dev/null'
The application fails to properly sanitize user-supplied URI input, allowing a remote attacker to create a malicious URI link containing hostile HTML and script code. When followed, this link can render the hostile code in the victim user's web browser, potentially leading to theft of authentication credentials or other attacks.
Services By CQR
