The vulnerability allows a remote attacker to verify the validity of a recipient's e-mail address, potentially leading to an increase in junk e-mail.
The vulnerability allows a local attacker to gain root privileges on a vulnerable system by exploiting insufficient access validation in Systrace on NetBSD and the FreeBSD port by Vladimir Kotal. The attacker can use a specially crafted payload to restore privileges and execute arbitrary code.
Internet Explorer is affected by an XML parsing denial of service vulnerability. The vulnerability occurs due to a failure of the application to properly handle malformed XML tags. An attacker can exploit this vulnerability to crash a vulnerable web browser.
A vulnerability in Open WebMail allows a remote attacker to execute arbitrary commands on a vulnerable host. The issue is caused by insufficient sanitization of shell metacharacters passed through URI parameters. By exploiting this vulnerability, a non-privileged user can remotely execute arbitrary commands in the context of the web server hosting the vulnerable application.
Squid proxy is affected by an Internet access control bypass vulnerability. The issue arises due to the failure of the application to handle access controls properly when evaluating malformed URI requests. This vulnerability allows users who are restricted from accessing Internet-based resources to access arbitrary websites.
The Tutorials Manager application is affected by multiple SQL injection vulnerabilities due to a failure to properly sanitize user-supplied input. These vulnerabilities allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. In addition, SQL injection attacks may be used to exploit latent vulnerabilities in the underlying database implementation.
The 'Professional' and 'Enterprise' editions of MailEnable are prone to a remote heap buffer overflow. The overflow lets the attacker control the EAX and ECX registers, which permits arbitrary code execution as SYSTEM. If logging is enabled, the request could contain: GET /{4032 x A} HTTP/1.1 or, without logging: GET /{8501 x A} HTTP/1.1.
The vulnerability allows an attacker to hide the true contents of a URI link by using a properly formatted HREF tag containing an image. This can trick a user into following a malicious link that appears to be from a trusted site.
This source code is an example of a memory leak vulnerability in the proftpd-1.2.0(rc2) server. It can cause a denial of service by sending a large number of SIZE commands.
The NukeJokes module is affected by multiple input validation vulnerabilities. These include multiple SQL injection issues and multiple cross-site scripting vulnerabilities. The vulnerabilities arise due to a failure to properly sanitize user-supplied input, allowing remote attackers to manipulate query logic and potentially gain unauthorized access to sensitive information or execute malicious scripts in the context of the victim user's browser.