Explore Vulnerabilities

Explore all Exploits:

Multiple Denial of Service Vulnerabilities in Easy Chat Server

Easy Chat Server is susceptible to multiple denial of service vulnerabilities. The application improperly sanitizes user-supplied URI data and cannot handle large numbers of anonymous users created in chat rooms. An attacker with remote access to an affected instance of this application could use these vulnerabilities to crash the service, denying service to legitimate users.

SCI Photo Chat Cross-Site Scripting Vulnerability

SCI Photo Chat is susceptible to a cross-site scripting vulnerability due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by creating a malicious link that includes hostile HTML and script code. If an unsuspecting user follows this link, the hostile code may be rendered in their web browser, potentially leading to theft of authentication credentials or other attacks.

Cross-Site Scripting Vulnerabilities in Netegrity IdentityMinder

Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by creating a malicious link that includes hostile HTML and script code. If an unsuspecting user follows the link, the hostile code may be rendered in their web browser, allowing for theft of cookie-based authentication credentials and arbitrary application command execution.

Lotus Domino Server Remote Denial of Service Vulnerability

Lotus Domino Server is reported prone to a remote denial of service vulnerability. The issue is reported to exist when a malicious email received on the affected server is opened by a client through the Domino Web Access interface. A remote attacker may exploit this condition to deny Lotus Domino service to legitimate users.

Sun Java Runtime Environment Font Object Assertion Failure Denial of Service Vulnerability

The Sun Java Runtime Environment Font object is prone to an assertion failure denial of service vulnerability. The issue occurs when the process fails to handle exceptional conditions while processing font objects. An attacker can exploit this vulnerability to crash a vulnerable application, as well as all processes spawned from the application, denying service to legitimate users. Data loss may also occur.

PowerPortal Multiple Vulnerabilities

PowerPortal is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to create malicious URI links that include hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the victim's web browser, potentially leading to theft of authentication credentials and other attacks. Additionally, PowerPortal is prone to an information disclosure vulnerability that allows remote attackers to reveal directory listings by exploiting directory traversal sequences in the 'modules.php' script.

csFAQ Installation Path Disclosure Vulnerability

A vulnerability has been identified in csFAQ that may allow an attacker to disclose the installation path. Successful exploitation may give an attacker sensitive information about the file system that could aid in launching more direct attacks against the system.

Cross-Site Scripting Vulnerability in Cart32

Cart32 is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. A remote attacker can create a malicious link that includes hostile HTML and script code. If a user follows this link, the hostile code can render in the victim's web browser, allowing for theft of authentication credentials and other attacks.

FreeBSD Alpha execve() Denial of Service Vulnerability

FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve() system call. An attacker with local interactive user-level access on an affected machine is able to crash FreeBSD when running on the Alpha architecture, denying service to legitimate users.

Recent Exploits: