OwnServer 1.0 and earlier versions are vulnerable to a directory traversal attack, which allows a remote attacker to view files outside of the web server root directory. This can be done by appending '../' to the URL, as demonstrated in the examples above.
The WebTrends Reporting Center management interface discloses installation path information when a request supplies an invalid argument for an interface URI parameter. This information may permit an attacker to enumerate the layout of the underlying file system of the host.
It has been reported that PHPix is vulnerable to a remote command execution vulnerability due to poor handling of externally supplied data such as shell metacharacters. This issue may allow unauthorized access to the affected system with the privileges of the web server hosting the vulnerable program. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server.
It has been reported that the NETCam webserver of NETCam Viewer may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. AIPTEK NETCam Viewer versions 1.0.0.28 and prior are reported to be prone to this issue; however, other versions could be affected as well.
The GetWare Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives malicious HTTP requests that contain negative values for the Content-Length field in the HTTP header. A remote attacker may exploit this issue to deny service to the GetWare Web Server.
GoAhead WebServer is prone to a vulnerability that may permit remote attackers to bypass directory management policy. It is reported that certain syntax may be used in HTTP GET requests to bypass the policy for how certain requests should be handled; for example, a script that should be interpreted may be downloaded by the attacker instead. This could allow for unauthorized access to resources hosted on the server, likely resulting in disclosure of sensitive information such as script source code.
It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to insufficient sanitizing of user-supplied URI parameters, it is possible for a remote user to inject arbitrary SQL queries into the database used by YaBB SE. This could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. The issue exists because remote users may reportedly influence the include path for external scripts by supplying their own value for the 'mosConfig_absolute_path' variable in the 'mod_mainmenu.php' script.
Multiple JDBC database implementations include insecure default security policies, which could expose vulnerable databases to denial of service attacks. This could also permit remote attackers to execute arbitrary commands on systems hosting vulnerable implementations in some circumstances.
MetaDot Portal Server fails to properly validate user input, allowing an attacker to inject malicious code into the application. In this example, an attacker can inject an iframe tag with a malicious URL into the application, which can be used to execute malicious code in the user's browser.