The Kerio Personal Firewall (KPF) driver does not properly sanitize API parameters, leading to a denial of service vulnerability. When certain parameter data is handled by the KPF API hook, it triggers an exception and causes a crash in the Windows kernel, resulting in a system-wide denial of service. An attacker can exploit this vulnerability to disrupt the services and deny access to legitimate users.
A remote URI obfuscation vulnerability has been found in Internet Explorer's search pane functionality. This issue is due to a failure of the application to present the URI of HTML and script code loaded into the search pane. An attacker can exploit this vulnerability to display misleading information in the address bar of the browser, making it appear that the web page is from a trusted location. This can facilitate phishing and other types of attacks.
The MD5 algorithm is prone to a hash collision weakness that allows attackers to create multiple distinct inputs that produce the same output fingerprint. This can be exploited to substitute a malicious file for an innocent one, potentially leading to the execution of malicious code or breaking the non-repudiation properties of messages.
WebLibs is prone to a remote directory traversal vulnerability. This issue is due to a failure of the application to properly filter user-supplied input.
The vulnerability is caused by the server's inability to handle malformed requests. An attacker can exploit this by sending a specially crafted request to the server, causing it to crash and denying service to legitimate users.
A cross-site scripting vulnerability exists in Blog Torrent due to improper sanitization of user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code, which, if followed by a victim user, can result in the execution of the malicious code in the user's web browser. This can lead to theft of authentication credentials and other attacks.
KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue allows attackers to embed arbitrary FTP server commands in malicious URIs, leading to the execution of these commands on remote servers. Attackers can exploit this vulnerability to download malicious files to the victim's computer or send email to arbitrary addresses without user interaction.
Microsoft Internet Explorer is prone to an arbitrary FTP server command-execution vulnerability. Attackers can embed arbitrary FTP server commands in malicious URIs; when a victim follows such a URI, the browser connects to the attacker-specified FTP server and sends the malicious commands. This can result in the download of malicious files to the victim's computer without their knowledge. The vulnerability can also be leveraged to send email to arbitrary addresses without user interaction.
The affected browsers crash due to a NULL pointer dereference when a JavaScript function tries to print an IFRAME embedded in the page.
paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message.