A cross-site scripting vulnerability exists in Advanced Guestbook due to a failure to properly sanitize user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code. When a victim user follows the link, the code will be executed in their web browser, potentially allowing for theft of authentication credentials or other attacks.
The vulnerability allows an attacker to access arbitrary files on the server by manipulating the 'file' parameter in the URL. By including '../' sequences, an attacker can traverse directories and access sensitive files such as the password file (/etc/passwd).
rssh is prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer. The vulnerability can be exploited using the following commands:
1. ssh restricteduser@remotehost 'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp'
2. scp command.sh restricteduser@remotehost:/tmp/command.sh
3. ssh restricteduser@remotehost 'scp -S /tmp/command.sh localhost:/dev/null /tmp'
scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer.
JanaServer 2, a commercially available proxy server for Windows, is vulnerable to multiple denial of service attacks. The vulnerabilities occur due to the application's inability to handle malformed network communications. The first vulnerability occurs when the application receives malformed HTTP requests, while the second vulnerability occurs when it processes malformed RealPlayer streaming data. An attacker can exploit these vulnerabilities to cause the proxy server to hang, resulting in a denial of service for legitimate users.
IPCop is susceptible to an HTML injection vulnerability in its proxy log viewer. This allows remote attackers to inject malicious HTML or script code, which is displayed to administrative users and executed in the context of the affected web application. Attackers may be able to execute administrative actions on behalf of the administrator and perform theft of authentication credentials and other attacks.
The file command is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string lengths in the affected file prior to copying them into static process buffers. An attacker may leverage this issue to execute arbitrary code with the privileges of a user that processes the malicious file with the affected utility. This may be leveraged to escalate privileges or to gain unauthorized access.
phpCMS is susceptible to a cross-site scripting vulnerability. This issue occurs when the application fails to properly sanitize user-supplied input before including it in dynamically generated web pages. An attacker can create a malicious URI link with hostile HTML and script code, which, if followed, can render the code in the victim user's web browser. This can lead to theft of cookie-based authentication credentials or other attacks.
The vulnerability occurs when the browser performs an infinite JavaScript array sort operation, leading to a denial of service. It is currently believed that this vulnerability cannot be further exploited to execute arbitrary code, although this has not been confirmed.
The vulnerability in Apple Safari Web Browser can be exploited by performing an infinite JavaScript array sort operation, leading to a browser crash. It is believed that this vulnerability only causes a denial of service and is not capable of executing arbitrary code, although this has not been confirmed.