Explore Vulnerabilities

Explore all Exploits:

Horde IMP Webmail Client Input-Validation Vulnerabilities

The Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue. These vulnerabilities occur due to the application's failure to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary HTML and script code in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and control over how the site is rendered to users. Other attacks may also be possible.

Buffer Overflow Vulnerability in minigzip

The 'minigzip' tool is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. A local attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.

Apache HTTP Server Tomcat Directory Traversal Vulnerability

Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability. The vulnerability occurs because user-supplied input is insufficiently sanitized. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot, potentially exposing sensitive information that could aid in launching further attacks.

Local File Include Vulnerability in Weekly Drawing Contest

The Weekly Drawing Contest is prone to a local file-include vulnerability due to improper sanitization of user-supplied input. Exploiting this vulnerability allows an unauthorized user to view local files on the affected webserver. An attacker can exploit this issue by supplying a specially crafted payload in the 'order' parameter of the 'check_vote.php' script.

Multiple Remote File-Include Vulnerabilities in DataLife Engine

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Premod SubDog 2 Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Recent Exploits: