The BasiliX Webmail application is prone to an HTML injection vulnerability in its handling of email headers. The issue occurs because the application fails to properly sanitize user-supplied email header strings. An attacker can exploit this vulnerability to gain access to a user's cookie-based authentication credentials and potentially disclose personal email. Other attacks are also possible.
The 12Planet Chat Server is prone to a cross-site scripting (XSS) vulnerability due to a lack of input sanitization. An attacker can exploit this by injecting malicious HTML or script code into a URI argument to one of the servlets in the application. If a user follows a malicious link, the injected code will be rendered in their web browser, allowing the attacker to steal authentication credentials or perform other attacks.
The NetFile FTP/Web Server is prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. This vulnerability allows an attacker to create, view, and delete arbitrary files outside the web root.
MySQL is prone to a vulnerability that may permit remote clients to bypass authentication. This is due to a logic error in the server when handling client-supplied length values for password strings. Successful exploitation will yield unauthorized access to the database.
A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM WebSphere Edge Server. It is reported that if the proxy is configured with the JunctionRewrite directive in conjunction with the UseCookie option, an attacker may be able to crash the application. A remote attacker is reportedly able to cause a denial of service condition with one request.
Easy Chat Server is susceptible to multiple denial of service vulnerabilities. The application improperly sanitizes user-supplied URI data and cannot handle large numbers of anonymous users created in chat rooms. An attacker with remote access to an affected instance of this application could use these vulnerabilities to crash the service, denying service to legitimate users.
SCI Photo Chat is susceptible to a cross-site scripting vulnerability due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by creating a malicious link that includes hostile HTML and script code. If an unsuspecting user follows this link, the hostile code may be rendered in their web browser, potentially leading to theft of authentication credentials or other attacks.
Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by creating a malicious link that includes hostile HTML and script code. If an unsuspecting user follows the link, the hostile code may be rendered in their web browser, allowing for theft of cookie-based authentication credentials and arbitrary application command execution.
Lotus Domino Server is reported prone to a remote denial of service vulnerability. The issue is reported to exist when a malicious email received on the affected server is opened by a client through the Domino Web Access interface. A remote attacker may exploit this condition to deny Lotus Domino service to legitimate users.