Mozilla Internet Browser is prone to a weakness that allows an external protocol to be called without user interaction, potentially exposing users to vulnerabilities in the underlying operating system or default handler for the registered protocol. This weakness can be exploited to execute arbitrary files.
Ethereal 0.10.5 is vulnerable to multiple vulnerabilities, including an iSNS protocol dissector vulnerability, a SMB protocol dissector vulnerability, and a SNMP protocol dissector vulnerability. These vulnerabilities are due to the application's failure to properly handle malformed packets. Successful exploitation of these vulnerabilities can lead to a denial of service condition and may also facilitate arbitrary code execution.
JAWS is prone to multiple vulnerabilities, including a cross-site scripting vulnerability that allows remote attackers to execute malicious code in the victim's browser, a file disclosure vulnerability that allows attackers to access sensitive files through directory traversal, and an authentication bypass vulnerability that allows unauthorized access to the system.
JAWS is prone to a cross-site scripting vulnerability. This allows a remote attacker to create a malicious URI link that includes hostile HTML and script code, which can lead to the execution of attacker-supplied code in the victim's web browser. This can result in the theft of authentication credentials and other attacks. Additionally, JAWS is reported to be prone to a file disclosure vulnerability, allowing an attacker to disclose target files by using directory traversal sequences in URI parameters. An authentication bypass vulnerability also exists, where an attacker can create a cookie derived from a known value to authenticate to the system.
The BasiliX Webmail application is vulnerable to an email header HTML injection vulnerability. This occurs due to the failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this vulnerability to gain access to a user's cookie-based authentication credentials and potentially disclose personal email. Other attacks are also possible.
The 12Planet Chat Server is vulnerable to a cross-site scripting (XSS) vulnerability due to a lack of input sanitization. An attacker can exploit this by injecting malicious HTML or script code into a URI argument to one of the servlets in the application. If a user follows a malicious link, the injected code will be rendered in their web browser, allowing the attacker to steal authentication credentials or perform other attacks.
The NetFile FTP/Web Server is prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. This vulnerability allows an attacker to create, view, and delete arbitrary files outside the web root.
The Brightmail anti-spam control center in Symantec Brightmail anti-spam is prone to an unauthorized message disclosure vulnerability. A remote attacker can exploit this vulnerability to read users' filtered email by manipulating a specific URL parameter.
MySQL is prone to a vulnerability that may permit remote clients to bypass authentication. This is due to a logic error in the server when handling client-supplied length values for password strings. Successful exploitation will yield unauthorized access to the database.
A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server. It is reported that if the proxy is configured with the JunctionRewrite directive in conjunction with the UseCookie option, an attacker may be able to crash the application. A remote attacker reportedly is able to cause a denial of service condition with one request.
Services By CQR
