It has been reported that BadBlue Server may be prone to a remote path disclosure vulnerability that may allow an attacker to disclose the installation path by issuing a request for 'phptest.php' script.
It has been reported that the Digital Reality Game engine is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to validate packet data size input supplied by a client. The immediate consequences of a successful attack will cause the affected server to crash. It has been conjectured that this issue may also be leveraged to execute arbitrary code in the context of the affected application, however this has not been verified.
It has been reported that Opt-X may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because remote users may influence the 'systempath' variable in the header.php module.
LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. This could potentially be exploited to steal cookies from other site users. Other attacks are also possible.
XMB Forum is prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities due to insufficient sanitization of remote user supplied data. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user or to have malicious SQL queries executed in the underlying database.
ezboard is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code encapsulated in [font] tags of posts to the bulletin board. This code may be rendered in the web browser of a user who views these areas of the site. This would occur in the security context of the site hosting ezboard.
Load Sharing Facility eauth component has been reported prone to privilege escalation vulnerability. The eauth component is responsible for controlling authentication procedures within Load Sharing Facility. An issue has been reported where an attacker may send commands to Load Sharing Facility as any user. The issue presents itself because eauth uses an environment variable to determine the UID of the user invoking the binary. An attacker can use Perl and NetCat software to send packets to the target daemon.
Remote attackers may submit malicious requests to the software that contain directory traversal sequences, potentially exposing sensitive resources outside of the hosting web server root.
Proxy-Pro Professional GateKeeper is prone to a remotely exploitable buffer overrun that may be triggered by passing HTTP GET requests of excessive length through the web proxy component. This could be exploited to execute arbitrary code in the context of the software.
It has been reported that TYPESoft FTP Server is prone to a remote denial of service vulnerability that may allow an attacker to cause the server to crash. This vulnerability has been reported to affect version 1.10 of the software, however, previous versions may also be affected. MKD //../qwerty xMKD //../qwerty dele //../qwerty size //../qwerty retr //../qwerty stor //../qwerty appe //../qwerty rnfr //../qwerty rnto //../qwerty rmd //../qwerty xrmd //../qwerty
Services By CQR