Easy Chat Server is susceptible to multiple denial of service vulnerabilities. The application improperly sanitizes user-supplied URI data and cannot handle large numbers of anonymous users created in chat rooms. An attacker with remote access to an affected instance of this application could use these vulnerabilities to crash the service, denying service to legitimate users.
SCI Photo Chat is susceptible to a cross-site scripting vulnerability due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by creating a malicious link that includes hostile HTML and script code. If an unsuspecting user follows this link, the hostile code may be rendered in their web browser, potentially leading to theft of authentication credentials or other attacks.
Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by creating a malicious link that includes hostile HTML and script code. If an unsuspecting user follows the link, the hostile code may be rendered in their web browser, allowing for theft of cookie-based authentication credentials and arbitrary application command execution.
Lotus Domino Server is reported prone to a remote denial of service vulnerability. The issue is reported to exist when a malicious email received on the affected server is opened by a client through the Domino Web Access interface. A remote attacker may exploit this condition to deny Lotus Domino service to legitimate users.
The Font object in the Sun Java Runtime Environment is prone to an assertion failure denial of service vulnerability. This issue occurs when the process fails to handle exceptional conditions when processing font objects. An attacker can exploit this vulnerability to cause a vulnerable application, as well as all processes spawned from the application, to crash, denying service to legitimate users. Data loss may also occur.
PowerPortal is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to create malicious URI links that include hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the victim's web browser, potentially leading to theft of authentication credentials and other attacks. Additionally, PowerPortal is prone to an information disclosure vulnerability that allows remote attackers to reveal directory listings by exploiting directory traversal sequences in the 'modules.php' script.
A vulnerability has been identified in the application that may allow an attacker to disclose the installation path. Successful exploitation of this vulnerability may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.
Cart32 is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. A remote attacker can create a malicious link that includes hostile HTML and script code. If a user follows this link, the hostile code can render in the victim's web browser, allowing for theft of authentication credentials and other attacks.
The 'newreply.php' and 'newthread.php' scripts in vBulletin are prone to an HTML injection vulnerability. An attacker can inject malicious HTML and script code in fields that are viewable by other users. This can lead to theft of cookie-based authentication credentials and other attacks.
FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve() system call. An attacker with local interactive user-level access on an affected machine is able to crash FreeBSD when running on the Alpha architecture, denying service to legitimate users.