osTicket is prone to a remote command execution vulnerability. Attachments submitted as part of a support ticket request are stored with a predictable name in a known web-accessible location. An attacker can exploit this vulnerability by submitting a malicious attachment and executing arbitrary commands on the affected system.
This vulnerability allows an attacker to execute arbitrary code as the superuser, leading to unauthorized access and privilege escalation. The exploit takes advantage of the insecure handling of usernames in Basic Authentication information to control the execution instruction pointer (EIP) and execute the payload.
The application rlpr is prone to multiple vulnerabilities that can allow a remote attacker to execute arbitrary code and gain unauthorized access. The vulnerabilities include a format string vulnerability and a buffer overflow vulnerability. The format string vulnerability occurs due to insufficient sanitization of user-supplied data through the 'msg()' function. The buffer overflow vulnerability occurs due to insufficient boundary checking in the 'msg()' function.
A denial of service vulnerability exists in multiple ircd implementations. It is caused by an issue with the deallocation of buffers used by rate limiting mechanisms in the ircd, and could result in exhaustion of memory resources on the system running the ircd.
Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these vulnerabilities to corrupt memory, and read or write arbitrary memory. Remote code execution is likely possible. Due to the nature of these vulnerabilities, there may exist many different avenues of attack. Anything that can potentially call the logging functions with user-supplied data is vulnerable.
The IBM acpRunner ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a malicious website, which may allow a remote attacker to silently install a malicious executable on an affected system.
phpMyChat is prone to multiple vulnerabilities including HTML injection, SQL injection, authentication bypass, and file disclosure. These vulnerabilities are due to insufficient sanitization of user-supplied data and design flaws. An attacker can exploit these vulnerabilities to inject malicious HTML or script code, execute arbitrary SQL queries, bypass authentication, and disclose sensitive files.
phpMyChat is prone to multiple vulnerabilities, including HTML injection, SQL injection, authentication bypass, and file disclosure. The HTML injection vulnerability allows an attacker to inject malicious HTML or script code into the affected application. The SQL injection vulnerabilities occur when SQL syntax is passed through the URI parameters of the 'usersL.php3' script. The authentication bypass vulnerability allows an attacker to bypass the authentication system by modifying the phpMyChat authentication screen. The file disclosure vulnerability allows an authenticated site administrator to disclose a target file by including a relative path with directory traversal sequences as a value for a URI parameter passed to the 'admin.php3' script.
The Web Wiz Forums software is vulnerable to a cross-site scripting attack due to improper sanitization of user-supplied data in the 'registration_rules.asp' script. An attacker can exploit this vulnerability to steal cookie authentication credentials or perform other types of attacks.
Microsoft Internet Explorer is reported to contain a cross-site scripting vulnerability for sites that have a wildcard DNS entry. A web server with a wildcard DNS entry will respond to any hostname requested. Internet Explorer improperly interprets text inside of an anchor tag as HTML, rather than plain text. An attacker can exploit this vulnerability by finding or creating a web site using a wildcard DNS entry and configuring it to display the hostname received in the request in the HTML returned to the user. This allows the attacker to potentially execute HTML or script code in the security context of the vulnerable site, leading to theft of cookie authentication credentials or other types of attacks.