The vulnerability allows JavaScript to execute with unintended privileges. A malicious site can cause the execution of a script with Chrome privileges, allowing attackers to execute hostile script code with privileges that exceed those intended. This issue affects Mozilla Firefox, Thunderbird, and SeaMonkey. Proof of concept code is available.
The Aplomb Poll application fails to properly sanitize user-supplied input, leading to multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities to include a remote file containing malicious PHP code and execute it in the context of the webserver process. This can result in a compromise of the application and the underlying system, allowing for various other attacks as well.
The Aplomb Poll application is prone to multiple remote file-include vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to include a remote file containing malicious PHP code and execute it in the context of the webserver process. This can lead to compromise of the application and the underlying system, as well as other possible attacks.
Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Novell GroupWise WebAccess is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
An attacker can exploit this issue to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.
The vulnerability in Fail2ban allows remote attackers to add arbitrary IP addresses to the block list used by the application, denying service to legitimate users.
Services By CQR