The vulnerability allows a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a forum administrator follows this link, the attacker's command will be executed with the administrator's privileges, potentially allowing arbitrary user creation and other attacks.
The Titan FTP server is vulnerable to a remote denial of service (DoS) attack when handling the 'LIST' command. A remote attacker can exploit this vulnerability by sending a specially crafted 'LIST' command to the FTP server, causing it to crash.
APSIS Pound has a remote format string vulnerability that allows for the execution of arbitrary code on the affected system. This vulnerability occurs when Pound handles certain requests containing embedded format string specifiers. The vulnerability can be exploited remotely or locally depending on the configuration of Pound. The exploit code provided in the source code allows for remote exploitation.
PaX for 2.6 series Linux kernels has been reported prone to a local denial of service vulnerability. The issue is reported to present itself when PaX Address Space Layout Randomization Layout (ASLR) is enabled. The vulnerability may be exploited by a local attacker to influence the kernel into an infinite loop.
The vulnerability allows an attacker to retrieve and delete files, resulting in information disclosure and denial of service attacks. By sending directory traversal sequences and requesting a file through a vulnerable parameter, an attacker can exploit this issue.
The Coppermine Photo Gallery application is prone to multiple input-validation vulnerabilities that can lead to arbitrary command execution. These vulnerabilities arise due to the application's failure to properly sanitize and validate user-supplied input before using it in dynamic content and function calls that execute system commands. Attackers can exploit these vulnerabilities to steal cookie-based authentication credentials, map the application root directory, execute arbitrary commands, and include arbitrary files.
Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content. This issue may allow for theft of cookie-based authentication credentials. Other attacks are also possible.
Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer boundaries before storing input in fixed buffers. Immediate consequences of this attack may cause the affected daemon to crash, denying service to legitimate users. Furthermore, due to the nature this issue, arbitrary code execution may be possible. This would occur in the context running daemon process.
SquirrelMail is affected by a cross-site scripting vulnerability in the handling of folder name displays. This issue allows for the inclusion of malicious script code in dynamic web content.
The DiGi WWW Server is vulnerable to a remote denial of service attack. This vulnerability can be exploited by sending a malformed HTTP GET request to the server, causing the web server process to consume excessive CPU resources. An example of a malicious request is: GET ///[660Kb of /]/// HTTP/1.1
Services By CQR