Explore Vulnerabilities

Explore all Exploits:

Sun Java Runtime Environment Font object assertion failure denial of service vulnerability

The Font object in the Sun Java Runtime Environment is prone to an assertion failure that results in a denial of service. The issue occurs when the process fails to handle exceptional conditions while processing font objects. An attacker can exploit it to crash a vulnerable application, along with all processes spawned from that application, denying service to legitimate users. Data loss may also occur.

PowerPortal Multiple Vulnerabilities

PowerPortal is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to create malicious URI links that include hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the victim's web browser, potentially leading to theft of authentication credentials and other attacks. Additionally, PowerPortal is prone to an information disclosure vulnerability that allows remote attackers to reveal directory listings by exploiting directory traversal sequences in the 'modules.php' script.

csFAQ Installation Path Disclosure Vulnerability

A vulnerability has been identified in csFAQ that may allow an attacker to disclose the installation path. Successful exploitation may give an attacker sensitive information about the file system that may aid in launching more direct attacks against the system.

Cross-site scripting vulnerability in Cart32

Cart32 is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. A remote attacker can create a malicious link that includes hostile HTML and script code. If a user follows this link, the hostile code can render in the victim's web browser, allowing for theft of authentication credentials and other attacks.

FreeBSD Alpha execve() Denial of Service Vulnerability

FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve() system call. An attacker with local interactive user-level access on an affected machine is able to crash FreeBSD when running on the Alpha architecture, denying service to legitimate users.

ArbitroWeb Cross-Site Scripting Vulnerability

ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter. The 'rawURL' parameter passed to 'index.php' contains the desired target for the proxy to connect to. This parameter is not properly sanitized and may be used in a cross-site scripting attack. An attacker may craft a URI that contains malicious HTML or script code. If a victim follows this link, the HTML contained in the affected URI parameter will be executed in the context of the vulnerable site. The attacker could use this vulnerability to steal cookie-based authentication credentials or perform other types of attacks.

BT Voyager 2000 Wireless ADSL Router Sensitive Information Disclosure

The BT Voyager 2000 Wireless ADSL Router is prone to a sensitive information disclosure vulnerability. 'Public' SNMP MIB community strings, which are world-readable by default, contain sensitive information related to the internal protected network. This vulnerability can be exploited to collect data that can be used in further attacks against the victim network.

SqWebMail Email Header HTML Injection Vulnerability

An email header HTML injection vulnerability exists in SqWebMail due to improper sanitization of user-supplied email header strings. This allows an attacker to inject malicious HTML and script code into email headers, potentially leading to the exploitation of an unsuspecting user's cookie-based authentication credentials.

HTML Injection Vulnerability in DI-614+, DI-704, and DI-624 Routers

An attacker with access to the wireless or internal network segments of the DI-614+, DI-704, and DI-624 routers can craft malicious DHCP hostnames that, when sent to the router, will be logged and can cause unintended changes to the router's configuration. Other attacks may also be possible.
