Axigen Webmail is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
There is a remote buffer overflow in NewsReactor 20070220 that can be triggered by grabbing articles that contain an overly long file name. To exploit, convince someone to set their newsgroup server to your IP:119 and ask them to grab an article (e.g., with a .NZB file). This exploit waits for an incoming connection and then runs calc.exe. Return address should work on XP SP2 FR but may fail on English systems.
Mechanical Bunny Media PaysiteReviewCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The SmarterTools SmarterStats application is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a targeted user, potentially stealing authentication credentials and launching further attacks.
Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This is the latest version of TFTP server. EDI gets overwritten at 246. So code execution may be possible. Sending a long file name on the vulnerable server can crash the server.
MySource Matrix is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
HeffnerCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
Services By CQR