The VocalTec VGW120 and VGW480 Telephony Gateways are prone to a remote denial of service vulnerability. The issue is reported to exist in the ASN.1/H.323/H.225 stack. A remote attacker may exploit this issue to deny service to the affected appliances.
A denial of service condition is reported to exist in the MollenSoft Lightweight FTP Server that may allow a remote user to deny service to legitimate FTP users. The vulnerability is due to a lack of sufficient boundary checks performed on CWD command arguments.
cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are insecure. These settings will reportedly permit a local attacker to execute arbitrary code as any user who possesses a PHP file that is published to the Apache web server.
Users can bypass the content filter functionality of Netgear RP114 by creating a URI request string that is over 220 bytes in length. This allows any host to access blacklisted websites, leading to a false sense of security for network administrators.
Liferay Enterprise Portal is vulnerable to multiple cross-site scripting (XSS) and HTML injection vulnerabilities. These vulnerabilities occur because user-supplied data from various input fields is included in server-generated content without proper validation or encoding. This allows for typical XSS attacks against other users of the portal.
The e107 website system is prone to a remote HTML injection vulnerability. This vulnerability occurs when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application fails to properly sanitize user-supplied input, allowing the injected HTML code to be stored and rendered in the browser of unsuspecting users when the log page of the affected site is viewed.
The vulnerability allows attackers to hide the true contents of a URI link by using a malicious image within a properly formatted HREF tag. This can trick users into following a malicious link that appears to be from a trusted site.
The vulnerability allows attackers to hide the true contents of a URI link by using a malicious image within a properly formatted HREF tag. This can trick users into following a malicious link that appears to lead to a trusted site.
DSM Light is prone to a directory traversal vulnerability. The issue occurs when the application fails to properly sanitize user-supplied URI input. An attacker can exploit this vulnerability to view arbitrary, web-readable files on the affected computer, potentially aiding them in conducting further attacks.
ActiveState Perl is prone to an integer overflow vulnerability. It occurs due to a lack of sufficient bounds checking on multiplier data passed to a Perl duplicator statement. This vulnerability allows an attacker to influence the execution flow of a vulnerable Perl script and execute arbitrary code. Failed exploit attempts will result in a denial of service.