A remote attacker can exploit this vulnerability in Comersus Cart to influence or misrepresent how web content is served, cached or interpreted, potentially aiding in various attacks that try to deceive client users.
The calendar utility contained in the bsdmainutils package on Debian GNU/Linux systems is reported susceptible to an information disclosure vulnerability. This is due to a lack of proper file authorization checks by the application. The application fails to enforce permissions of included files when run as the superuser with the '-a' argument; it is therefore possible for a local attacker to create a calendar file that will disclose the contents of arbitrary, potentially sensitive files. This may aid them in further attacks against the affected computer.
The Password Protect application is prone to multiple cross-site scripting and SQL injection vulnerabilities. These vulnerabilities are caused by inadequate sanitization of user-supplied input. Successful exploitation of these vulnerabilities can allow arbitrary HTML and script code execution as well as compromise of the underlying database. Attackers can potentially gain unauthorized administrative access to the application.
Xedus is susceptible to multiple vulnerabilities. The first reported issue is a denial of service vulnerability. The affected application is unable to service multiple simultaneous connections, denying access to the hosted site for legitimate users. The second reported issue is a cross-site scripting vulnerability in included sample scripts. This vulnerability is due to a failure of the application to properly sanitize user-supplied URI input before including it in the output of the scripts. The third reported issue is a directory traversal vulnerability. The affected application will reportedly serve documents located outside of the configured web root. This may allow an attacker to read arbitrary, potentially sensitive files on the hosting computer with the privileges of the web server. This may aid malicious users in further attacks.
Xedus is susceptible to multiple vulnerabilities. The first vulnerability is a denial of service vulnerability that prevents legitimate users from accessing the hosted site. The second vulnerability is a cross-site scripting vulnerability in included sample scripts, allowing an attacker to inject malicious code. The third vulnerability is a directory traversal vulnerability, which allows an attacker to read arbitrary files outside of the configured web root.
A remote denial of service vulnerability exists in WS_FTP Server. This vulnerability occurs when the application processes a malformed file path through the 'cd' command. An attacker can exploit this vulnerability by sending a specially crafted file path to the server, causing it to crash and deny service to legitimate users.
The XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. Attackers can execute arbitrary script code in the browser of an unsuspecting user by enticing them to follow a malicious link. This can lead to the theft of cookie-based authentication credentials and other attacks. The impact of this issue depends on the context of the dynamic web site developed with the XOOPS software and the XOOPS dictionary module.
DMS is susceptible to a directory traversal vulnerability. The issue occurs when requesting files outside the webroot of the application using hex-encoded directory traversal character sequences to create a relative path to the target file. This vulnerability allows a remote attacker to retrieve potentially sensitive files, potentially aiding them in further system compromise.
RealVNC server is reported prone to a remote denial of service vulnerability. This issue presents itself when an attacker establishes a large number of connections to the server. The exploit code provided in the text is a simple program that creates multiple socket connections to the target server, causing it to become unresponsive or crash.
The Regmon application fails to handle exceptional conditions and references unvalidated pointers to kernel functions, allowing a local unauthorized attacker to cause a denial of service condition in the application. The attacker may then obfuscate changes to the registry from the administrator and carry out further attacks against a vulnerable computer.