Explore all Exploits:

AllMyPHP Applications Remote File Include Vulnerability

Reportedly, the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI-passed variables that are used in a 'require_once()' call. This issue may allow a remote attacker to execute arbitrary commands on the affected system with the privileges of the web server. Other attacks may be possible as well.

AllMyPHP AllMyGuests Remote File Include Vulnerability

The AllMyPHP application AllMyGuests is prone to a remote file include vulnerability due to insufficient filtering of URI-passed variables that are used in a 'require_once()' call. This issue may allow a remote attacker to execute arbitrary commands on the affected system with the privileges of the web server.

Multiple Vulnerabilities in ASP Portal

ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization of user-supplied data that is later incorporated into dynamic content. An attacker may reportedly inject HTML code into the ASP Portal details page. The second issue also results from a lack of sufficient sanitization, this time of URI parameters. It has been reported that an attacker may craft a link to the ASP Portal 'index.asp' page, passing script code and HTML content as the value for the affected URI parameters. This malicious code will be executed in the browser of a user who follows the link, in the context of the vulnerable site. The third vulnerability again results from a lack of sufficient sanitization. When collecting user-supplied data that will later be incorporated into an SQL query statement, the software fails to filter certain control characters. An attacker may provide SQL statements as a value for URI parameters that are passed to the 'index.asp' script. The fourth vulnerability again results from a lack of sufficient sanitization. When collecting user-supplied data from cookie parameters that will later be incorporated into an SQL query statement, the software fails to filter certain control characters. An attacker may provide SQL statements as a value for the affected cookie parameter. Finally, a vulnerability in the methods used to store session cookies has been reported. The issue arises because the user name associated with the current session is stored in plaintext format.

Sami FTP Server Remote Denial of Service

Sami FTP Server is prone to multiple remote denial of service vulnerabilities. An attacker with sufficient credentials to access a vulnerable server can cause the pmsystem.exe executable to raise a fatal exception by making unexpected FTP requests, such as the 'get <something unavailable>' request.

XFree86 X Windows System Local Buffer Overflow Vulnerability

It has been reported that the XFree86 X Windows system is prone to a local buffer overflow vulnerability. The issue arises from improper bounds checking when parsing the 'font.alias' file. Successful exploitation of this issue may allow an attacker to gain root privileges on the affected system.

Macallan Mail Solution Authentication Bypass Vulnerability

A vulnerability has been reported in Macallan Mail Solution that may permit remote attackers to bypass authentication for the web interface. This may be exploited by submitting a specially crafted HTTP GET request for the administration page of the web interface.

SQL Injection Vulnerability in BosDates Calendar System

An SQL injection vulnerability has been reported to affect the BosDates calendar system. The issue arises due to insufficient sanitization of user-supplied data. As a result of this issue, an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.

Recent Exploits: