The Global Spy Software Cyber Web Filter is affected by an IP filter bypass vulnerability. This vulnerability occurs due to a failure of the application to properly handle exceptional HTTP requests. An attacker can exploit this vulnerability to bypass filters based on IP addresses, enabling them to visit restricted websites.
The cURL module in PHP fails to properly enforce the 'open_basedir' restriction, allowing malicious users to bypass it and access arbitrary files on the server. This can lead to further attacks and unauthorized access to sensitive information.
The vulnerabilities in Quake II are caused by boundary condition checking failures, access validation failures, and failures to handle exceptional conditions. An attacker can exploit these vulnerabilities to execute arbitrary code, trigger a denial of service condition, gain access to sensitive server files, and rejoin a server that they have been banned from.
The Google Desktop Search application fails to properly sanitize HTML tag content, allowing an attacker to execute arbitrary client-side script code in a user's browser. This can lead to theft of authentication credentials and other malicious activities.
The vulnerability occurs when certain font tags are encountered and rendered in Microsoft Internet Explorer. When a page containing the malicious HTML code is viewed, Internet Explorer and all instances spawned from it will crash.
The 'libxml2' library is reported prone to multiple remote stack-based buffer-overflow vulnerabilities caused by insufficient boundary checks. Remote attackers may exploit these issues to execute arbitrary code on a vulnerable computer. The URI parsing functionality and the DNS name resolving code are affected.
LinuxStat is vulnerable to a directory traversal vulnerability. Attackers can exploit this vulnerability by using '../' directory traversal sequences in the affected URI argument, which can cause the inclusion of potentially sensitive web-server readable files in the output of the requested page. This can lead to information disclosure and further attacks.
MoniWiki is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code. When a victim user follows this link, the code may be executed in their browser, potentially allowing the attacker to steal authentication credentials or launch other attacks.
The OpenWFE application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. This can be exploited by an attacker to steal authentication credentials and execute malicious code in a user's browser. Additionally, OpenWFE is also affected by a connection proxy vulnerability, allowing anonymous scanning of network computers.
The Netbilling 'nbmember.cgi' script is prone to an information disclosure vulnerability. This vulnerability can be exploited by remote attackers to gain access to user authentication credentials and potentially sensitive configuration information.
Services By CQR