An anonymous user can exploit this vulnerability to download the contents of the '/etc/passwd' file on the device. Other commands can also be executed, enabling further attacks.
The PhotoADay application is affected by a cross-site scripting vulnerability. This vulnerability allows a remote attacker to create a malicious URI link containing hostile HTML and script code. If a victim user follows this link, the hostile code may be executed in their web browser, potentially leading to the theft of authentication credentials or other attacks.
IMWheel is prone to a predictable temporary file creation vulnerability. This issue is a race condition error and may allow a local attacker to carry out denial of service attacks against other users and possibly gain elevated privileges. The vulnerability was identified in IMWheel 1.0.0pre11, however, other versions may be affected as well. The exploit script presented in the text demonstrates the vulnerability by creating a file with a predictable name and wiping its contents. It also provides an optional step to replace the file with a symbolic link to another file.
Remote users can download the 'news.mdb' database file and gain access to sensitive information, including unencrypted authentication credentials.
The vulnerability occurs when Opera attempts to execute a specific JavaScript command, causing the browser to crash.
MyDMS is susceptible to a directory traversal vulnerability, allowing registered users to download arbitrary web server readable files, and an SQL injection vulnerability, allowing attackers to compromise the application and manipulate data or exploit vulnerabilities in the underlying database implementation.
Mantis bug tracking system is susceptible to a vulnerability in its signup process that allows for mass email attacks. When a new user signs up, the system automatically sends an email with the user's new password. However, Mantis fails to ensure that only one account exists with the specified email address, enabling an attacker to create a massive amount of email from the Mantis server. The vulnerability has been addressed in the CVS version with the implementation of a captcha system, but all currently released versions are reported to be vulnerable.
Mantis, a web-based bug tracking system, is affected by cross-site scripting vulnerabilities. These vulnerabilities arise from a lack of proper sanitization of user-supplied URI input. A remote attacker can exploit these vulnerabilities by creating a malicious URI link containing hostile HTML and script code. When the victim user follows this link, the malicious code can execute in their web browser, potentially leading to theft of authentication credentials or other attacks.
Mantix is susceptible to a remote server-side script execution vulnerability. This vulnerability occurs when PHP is configured with 'register_globals = on'. An attacker can override variables used by the application in require() statements by including a URI reference to a web server hosting a malicious script in GET, POST, or cookie data. This allows the attacker to execute arbitrary script code in the context of the server hosting the affected application.
aGSM is prone to a remote buffer overflow vulnerability. The issue occurs in the aGSM server information parsing routines for Half-Life game servers. A malicious server can execute arbitrary code on an affected client by exploiting a lack of sufficient bounds checking on the hostname parameter in a server reply to an info request.
Services By CQR