These vulnerabilities allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
The application has multiple vulnerabilities including path disclosure, cross-site scripting (XSS), HTML injection, SQL injection, directory traversal, and arbitrary file upload. These vulnerabilities can be exploited by a remote attacker.
Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
Ettercap version 0.7.5.1 and earlier contains a stack-based buffer overflow, classified as CWE-121. The flaw is in the `ec_scan.c` file, specifically in the `fscanf` function call at lines 633-635. By sending specially crafted input to the affected software, an attacker can overflow the stack buffer, causing a denial of service (DoS) or executing arbitrary code and potentially gaining control over the affected system. This vulnerability has been assigned CVE-2012-0722.
Crackalaka is prone to a remote denial of service vulnerability that allows an attacker to crash the server by sending an excessive amount of data.
Multiple vulnerabilities have been identified in 1st Class Mail Server that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. The issues exist in version 4.01; other versions may also be affected. An attacker can exploit these vulnerabilities by sending a specially crafted request to the affected server, allowing them to traverse directories and execute arbitrary scripts in the context of a victim's browser.
Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. The vulnerability exists in the 'general.tagz' file of 1st Class Mail Server, where an attacker can manipulate the 'Site' and 'Mailbox' parameters to execute arbitrary code or access sensitive files on the server.
The 1st Class Mail Server version 4.01 is vulnerable to directory traversal and cross-site scripting attacks. An attacker can exploit these vulnerabilities by manipulating the 'viewmail.tagz' parameter in the URL, allowing them to access arbitrary files on the server and inject malicious HTML code.
The LCDproc Server (LCDd) is prone to multiple remote vulnerabilities. The first issue exists in the parse_all_client_messages() function of parse.c, where a lack of sufficient boundary checks on user-supplied arguments allows a remote attacker to execute arbitrary instructions in the context of the vulnerable service. The second issue exists in the test_func_func() function of client_functions.c, where a lack of sufficient boundary checks allows an attacker to trigger a buffer overflow. The third issue is due to an erroneous implementation of a formatted print function in the test_func_func() function of client_functions.c, allowing a remote attacker to execute code in the context of the affected service.
These vulnerabilities can be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code. The exploitation can facilitate theft of cookie-based authentication credentials or other attacks.