activeWeb contentserver is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The Oracle Critical Patch Update advisory for July 2007 addresses multiple vulnerabilities that affect all security properties of the Oracle products. These vulnerabilities pose both local and remote threats, with some requiring various levels of authorization to exploit. The most severe vulnerabilities could lead to complete compromise of affected computers. One specific exploit mentioned is the 'bunkerview.sql' evil view exploit (CVE-2007-3855), which allows unauthorized password updates.
The Helma application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching further attacks.
Remote attackers can exploit these vulnerabilities by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Successful exploits may allow attackers to execute arbitrary code in the context of a user running the vulnerable application or to obtain sensitive information. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks.
Multiple applications using RAR are prone to a NULL-pointer dereference vulnerability. A successful attack will result in denial-of-service conditions. Attackers may also be able to exploit this issue to execute arbitrary code, but this has not been confirmed.
The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based authentication credentials, view files, and to execute arbitrary server-side script code on an affected device in the context of the webserver process. Other attacks are also possible.
enVivo!CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Adobe Flash Player is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim running the vulnerable application.
ImgSvr is prone to a local file-include vulnerability because it fails to sanitize user-supplied input. Attackers may exploit this issue to access files that may contain sensitive information.
Attackers can inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers in Microsoft Internet Explorer, Mozilla Firefox, and Netscape Navigator. This allows remote attackers to execute arbitrary commands and gain unauthorized access. They can also perform cross-browser scripting attacks by using the '-chrome' argument and run JavaScript code with the privileges of trusted Chrome context.
Services By CQR