The first vulnerability allows an attacker to gain access to potentially sensitive error log information. The second vulnerability is a cross-site scripting vulnerability that allows execution of hostile HTML and script code. The third vulnerability allows an attacker to capture user and SQL database credentials by sniffing network traffic. The fourth vulnerability allows a regular user account to gain administrative access.
Multiple input validation vulnerabilities in IceWarp Web Mail allow remote attackers to conduct SQL injection, account manipulation, cross-site scripting, information disclosure, local file system access, and other attacks.
BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from the firewall.ini file included with the software. When the system is restarted and the affected software reads the malicious firewall.ini file, both the blackice.exe and blackd.exe executables will crash.
The vulnerability exists in the cfengine cfservd AuthenticationDialogue() function due to a lack of sufficient boundary checks on challenge data received from a client. A remote attacker can exploit this vulnerability to corrupt in-line heap-based memory management data.
The GNU cfengine cfservd is prone to a remote heap-based buffer overrun vulnerability. The vulnerability exists in the cfengine cfservd AuthenticationDialogue() function due to a lack of sufficient boundary checks performed on challenge data received from a client. An attacker can exploit this vulnerability to corrupt in-line heap-based memory management data.
A vulnerability in YaPiG allows a remote attacker to execute malicious scripts on a vulnerable system. The issue arises due to a lack of sanitization of user-supplied data. An attacker can upload a file with a '.php' extension, which will be parsed and executed by the PHP engine when requested. Successful exploitation of this vulnerability can lead to the execution of malicious script code on the server.
The xine media library is affected by a remote buffer overflow vulnerability, which allows a remote attacker to gain unauthorized access to a vulnerable computer. The vulnerability exists in xine-lib rc-5 and prior versions, as well as xine versions 0.99.2 and prior.
GNU Info is prone to a buffer overrun vulnerability due to a lack of boundary checks performed on argument data for the (f) follow xref Info command. An attacker can exploit this vulnerability by crafting a malicious Info script that triggers the issue.
The Free Web Chat server is prone to multiple denial of service vulnerabilities. The first vulnerability occurs due to insufficient sanitization of username data, allowing a user with a void name to be added, resulting in a NullPointerException. The second vulnerability is caused by improper management of multiple connections from the same location, leading to resource consumption. A remote attacker can exploit these vulnerabilities to deny service to legitimate users.
The thttpd web server is susceptible to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. This vulnerability only affects the Windows port of the application and allows an attacker to retrieve arbitrary files from the affected host computer.