It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALS[rootdp]' and 'GLOBALS[language_home]' variables in the 'db.php' and 'archivednews.php' modules.
The FTP server that is distributed with EvolutionX has been reported prone to multiple buffer overflow vulnerabilities. The first of these vulnerabilities exists post-authentication, and is due to a lack of sufficient bounds checking performed on arguments that are passed to the 'cd' command. The second issue exists pre-authentication, excessive data passed as username:password combination to the affected FTP server will trigger the buffer overrun. Finally the telnet server that is distributed with EvolutionX has been reported prone to a buffer overflow vulnerability when handling excessive data passed as an argument to the 'dir' command. An attacker may exploit any one of these issues to deny service to legitimate users of the XBOX appliance, it has been conjectured that these issues may be exploitable to result in arbitrary code execution.
It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.
The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when a specially formatted HCP URI that references a local resource is processed. A remote attacker may exploit this issue to have arbitrary commands executed in the context of the user who followed the link. This issue has been reported to be present in Polish versions of Windows XP SP1; other versions may also be vulnerable.
A local privilege escalation vulnerability has been reported to affect the 2.6 Linux kernel. The issue appears to exist due to a lack of sufficient sanity checks performed when executing a file that is hosted on a remote Samba share. An attacker may exploit this condition to gain elevated privileges, as the setuid/setgid bit of a remote file is honored on the local system.
A buffer overflow vulnerability exists in the Red-M Red-Alert network monitors due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an overly long string of characters to the affected device. This will cause the device to crash, eliminating logs, and potentially allowing the attacker to gain unauthorized access to the administrative interface or partially evade detection.
It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. This would occur in the security context of the site hosting the software.
Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system. This may be exploited via abuse of the VBScript LoadPicture method. Exploitation of the weakness may assist in other attacks which depend on the attacker being able to determine whether or not certain files on the system exist.
A buffer overflow vulnerability has been reported in the Sambar web server. The issue is due to a boundary condition error in the POST data processing of the affected software. Immediate consequences of an attack may result in a denial of service condition. It may also be possible for the attacker to manipulate process memory and execute arbitrary code in the context of the vulnerable process.
It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. This would occur in the security context of the site hosting the software.
Services By CQR