1st Class Mail Server has been reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on user-supplied data. A remote attacker may pass excessive data as an argument for an APOP command passed to the affected server. The attacker may exploit this issue to corrupt a saved instruction pointer and in doing so may potentially influence execution flow of the affected service into attacker-supplied instructions.
Nortel Wireless LAN Access Point 2200 series appliances have been reported to be prone to a remote denial of service vulnerability. The issue is reported to present itself when a large network request is handled by one of the Wireless LAN Access Point default administration services. This will reportedly cause the Access Point Appliance Operating service to crash, effectively denying service to legitimate users. A successful attack on a vulnerable server can cause the AP (Access Point) listener to fail and crash. The port 23 (telnet) functionality cannot be restored until the listener is manually restarted.
The Motorola T720 has been reported prone to a remote denial of service vulnerability. The issue presents itself when the phone handles excessive IP based traffic under certain circumstances. An attacker may potentially exploit this issue to cause a target phone to crash.
It has been reported that Squid Proxy may be prone to an unauthorized access vulnerability that may allow remote users to bypass access controls resulting in unauthorized access to attacker-specified resources. The vulnerability presents itself when a URI that is designed to access a specific location with a supplied username, contains '%00' characters. This sequence may be placed as part of the username value prior to the @ symbol in the malicious URI.
It has been reported that 602Pro LAN Suite Web Mail is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user input supplied via the URI. Attackers may exploit this vulnerability to steal authentication credentials. Other attacks may also be possible.
YaBB SE is prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database.
It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
GNU Anubis has been reported prone to multiple buffer overflow and format string vulnerabilities. It has been conjectured that a remote attacker may potentially exploit these vulnerabilities to have arbitrary code executed in the context of the Anubis software. The buffer overflow vulnerabilities exist in the 'auth_ident' function in 'auth.c'. The format string vulnerabilities are reported to affect the 'info' function in 'log.c', the 'anubis_error' function in 'errs.c' and the 'ssl_error' function in 'ssl.c'.
It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters. As a result of this issue a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been conjectured that an attacker may be able to disclose user password hashes by exploiting this issue. This issue may also be leveraged to exploit latent vulnerabilities within the database itself.
ArGoSoft FTP Server version 1.4.1.4 is vulnerable to three buffer overruns when handling overly long FTP SITE ZIP and SITE COPY commands, a file enumeration issue involving the SITE UNZIP command and user database corruption denial of service attacks via the SITE PASS command.
Services By CQR