Adobe Photoshop is prone to a denial of service vulnerability that may crash an instance of Internet Explorer. An attacker can exploit this issue by creating a script that attempts to create a COM object and enticing a user to execute the script in their browser. When the user executes the script via Internet Explorer, the Internet Explorer window hangs leading to a denial of service in the browser.
FTGate is prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path. These issues may be leveraged to gain sensitive information about the affected system potentially aiding an attacker in mounting further attacks.
FTGate is prone to multiple remote input validation vulnerabilities, including a cross-site scripting issue and an HTML injection vulnerability. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied input before using it in dynamic web content. The cross-site scripting issue allows a remote attacker to create a malicious link that includes hostile HTML and script code, which can be executed in the victim's web browser. This can lead to theft of cookie-based authentication credentials and other attacks. The HTML injection vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and sensitive information.
The vulnerability exists in the 'LoadMovie' function of Macromedia Flash Player for Internet Explorer. By calling the function and loading a flash movie into a non-zero level, an attacker can cause an instance of Internet Explorer to crash.
The 'MSWebDVD' Object in Internet Explorer is prone to a denial of service vulnerability that allows remote attackers to crash the browser. By sending an excessive string value (about 255 characters) through a malicious site, an attacker can cause a denial of service condition in Internet Explorer.
Certain areas within the BackWeb interface permit arbitrary programs to be invoked with LOCAL SYSTEM privileges.
ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue occurs because the application fails to properly sanitize user-supplied URI data. A successful exploit may allow a remote attacker to access sensitive information that may be used to launch further attacks against a vulnerable system.
The Encore Web Forum is prone to an issue that may allow a remote user to execute arbitrary commands on a system implementing the forum software. This issue is due to the application's failure to properly validate user-supplied URI input. A remote attacker may exploit this condition to execute arbitrary commands in the context of the webserver that is hosting the vulnerable application.
A vulnerability in the ImgSvr server software allows a remote user to retrieve arbitrary files from the web server root directory and its subdirectories. An attacker can gain access to arbitrary scripts within the server root directory.
A vulnerability in the ImgSvr server software allows a remote user to disclose root directory listings and directories outside the server root. An attacker can leverage this vulnerability to gain access to sensitive information and potentially launch further attacks against the target system.
Services By CQR