Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. The vulnerability exists in the 'general.tagz' file of 1st Class Mail Server, where an attacker can manipulate the 'Site' and 'Mailbox' parameters to execute arbitrary code or access sensitive files on the server.
The 1st Class Mail Server version 4.01 is vulnerable to directory traversal and cross-site scripting attacks. An attacker can exploit these vulnerabilities by manipulating the 'viewmail.tagz' parameter in the URL, allowing them to access arbitrary files on the server and inject malicious HTML code.
The LCDproc Server (LCDd) is prone to multiple remote vulnerabilities. The first issue exists in the parse_all_client_messages() function of parse.c, where a lack of sufficient boundary checks on user-supplied arguments allows a remote attacker to execute arbitrary instructions in the context of the vulnerable service. The second issue exists in the test_func_func() function of client_functions.c, where a lack of sufficient boundary checks allows an attacker to trigger a buffer overflow. The third issue is due to an erroneous implementation of a formatted print function in the test_func_func() function of client_functions.c, allowing a remote attacker to execute code in the context of the affected service.
These vulnerabilities can be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code. The exploitation can facilitate theft of cookie-based authentication credentials or other attacks.
The vulnerabilities in AzDGDatingLite can be exploited by enticing a user to visit a malicious link containing hostile HTML and script code. This can lead to theft of authentication credentials or other attacks.
NukeCalendar, a third-party calendar module for PHP-Nuke, is vulnerable to multiple security issues. These include path disclosure, SQL injection, and cross-site scripting. These vulnerabilities can lead to the disclosure of sensitive information, compromise of user accounts, compromise of the bulletin board, and potential attacks against the database through SQL injection.
NukeCalendar, a third-party calendar module for PHP-Nuke, is vulnerable to multiple issues including path disclosure, SQL injection, and cross-site scripting. These vulnerabilities can lead to the disclosure of sensitive information, compromise of user accounts and bulletin boards, and potential attacks against the database through SQL injection.
The NukeCalendar module for PHP-Nuke is prone to multiple vulnerabilities including path disclosure, SQL injection, and cross-site scripting. These vulnerabilities could result in the disclosure of sensitive information, compromise of user accounts or bulletin boards, and possible attacks against the database implementation itself through SQL injection.
Kerio Personal Firewall is vulnerable to a denial of service attack when the Web Filtering functionality is enabled. The vulnerability occurs when certain characters are present in a URI that is being handled by the Web Filtering procedures.
The FirstClass Desktop Client is prone to a local buffer overflow vulnerability. This vulnerability could allow attackers to execute arbitrary code on a vulnerable system, potentially leading to elevated privileges. The issue is reported to exist due to the 'PROXYADDR' variable of the 'LOCAL NETWORK.FCP' configuration file.