The GoAhead webserver fails to sanitize HTTP requests, allowing an attacker to append certain characters to the end of a request for a specific ASP file. As a result, the server discloses the source of the requested ASP script file to the attacker instead of processing it.
It has been reported that osCommerce is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link containing HTML or script code that is rendered in the browser of any user who follows it. Successful exploitation may allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.
sipd has been reported prone to a format string vulnerability that may be triggered remotely. SIP URI arguments passed to the affected server are reportedly not sufficiently handled: an attacker may place format specifiers in the URI, and because the URI is passed to a formatting function as the format string rather than as data, those specifiers are interpreted instead of being treated literally. This potentially allows the attacker to read from and write to arbitrary memory.
Aardvark Topsites PHP version 4.1.0 has been reported to be prone to these issues; other versions may be affected as well. Attackers can exploit these vulnerabilities by sending malicious requests to the vulnerable application, for example the following, each of which ends in an unsanitized backtick character: http://www.example.com/index.php?method=`, http://www.example.com/index.php?a=lostpw&set=1&id=` and http://www.example.com/index.php?a=lostpw&set=1&session_id=`
The cd9660.util utility has been reported prone to a local buffer overrun vulnerability. Excessive data supplied as the argument to the 'probe for mounting' switch overruns the bounds of a fixed-size buffer in memory. Because the memory adjacent to this buffer has been reported to hold saved values that are crucial to controlling execution flow, a local attacker may potentially redirect execution of cd9660.util into attacker-supplied instructions.
Multiple vulnerabilities were reported in EPIServer, including directory traversal, information disclosure, and denial of service. These issues result from insufficient sanitization of user-supplied input.
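The GoAhead source-disclosure entry and the EPIServer directory-traversal entry above are two faces of the same mistake: deciding what to serve from the raw request path instead of from the name the filesystem will actually open. The following is an added example (not code from GoAhead, EPIServer, or the advisories) that puts a naive dispatcher next to a hardened one. The document root, the script-extension table and the function names are assumptions made for the example; nothing on disk is read.

```python
import posixpath
from urllib.parse import unquote

# Constructed document root and script table for this example (assumptions,
# not taken from either product); nothing on disk is read.
DOCROOT = "/var/www/htdocs"
SCRIPT_EXTENSIONS = {".asp"}


class RequestRejected(Exception):
    """Raised by the hardened resolver for any request it refuses to serve."""


def vulnerable_kind(raw_path):
    """Naive dispatcher: classifies the raw request path by its suffix.

    Any byte appended after '.asp' (an encoded space, a trailing dot, an
    encoded NUL) makes the suffix test fail, so the request falls through to
    the static-file handler and the script source is returned instead of the
    script being executed.
    """
    return "script" if raw_path.lower().endswith(".asp") else "static"


def vulnerable_resolve(raw_path):
    """Naive resolver: glues the decoded path onto DOCROOT with no checks.

    normpath() here mirrors what the kernel does with '..' when the file is
    opened, so the return value is the file a naive server would really read.
    """
    return posixpath.normpath(DOCROOT + "/" + unquote(raw_path))


def hardened_resolve(raw_path):
    """Decode once, reject control bytes, collapse '..' and confine the result
    to DOCROOT, then classify by the name the filesystem would really open.

    Returns (kind, absolute_path) or raises RequestRejected.
    """
    path = unquote(raw_path)
    # Control characters (NUL included) never belong in a file name; a NUL in
    # particular silently truncates the name in any C-level open() call.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        raise RequestRejected("control character in path")
    full = posixpath.normpath(DOCROOT + "/" + path)
    if full != DOCROOT and not full.startswith(DOCROOT + "/"):
        raise RequestRejected("path escapes document root")
    name = posixpath.basename(full)
    # Some filesystems drop trailing dots and spaces, so such a name would
    # open a different file than the one the suffix check looked at.
    # Fail closed rather than guess what the filesystem will do.
    if name != name.rstrip(". "):
        raise RequestRejected("trailing characters the filesystem would ignore")
    ext = posixpath.splitext(name)[1].lower()
    kind = "script" if ext in SCRIPT_EXTENSIONS else "static"
    return kind, full
```

The hardened version classifies the request only after the path has been reduced to the exact file that will be opened; every transformation that could change that file (decoding, dot-segment collapsing, filesystem name trimming) happens first, and anything ambiguous is refused rather than passed through.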
A problem has been identified in the handling of pre-authentication packets by DameWare Mini Remote Control Server. Because of this, a remote attacker may be able to gain unauthorized access to hosts running the vulnerable software. The vulnerability is exploitable on Windows 2000 and Windows XP systems; the exploit code includes offsets for 'jmp esp' instructions in comctl32.dll and user32.dll.
It has been reported that one of the scripts included with osCommerce fails to validate user-supplied input, rendering it vulnerable to SQL injection. The script in question, 'create_account_process.php', is used to verify account details during the new user registration process. Attackers may be able to manipulate the query to corrupt data in the database or possibly gain access to the underlying host (for example through stored procedures or vulnerabilities in the database server).
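The Aardvark Topsites requests above (a lone backtick in a numeric parameter) and the osCommerce 'create_account_process.php' entry both come down to a request value being spliced into SQL text. The following is an added example, not code from either application: it builds an in-memory SQLite table (a constructed stand-in for a customer table; the table, column and function names are assumptions) and shows how a string-built query reacts to the backtick probe and to a classic quote-breaking payload, next to the parameterised form that treats the same input as plain data.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an application's customer
    table (an assumption for this example, not either product's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    db.executemany(
        "INSERT INTO customers (email, password) VALUES (?, ?)",
        [("alice@example.com", "s3cret"), ("bob@example.com", "hunter2")],
    )
    db.commit()
    return db


def vulnerable_by_id(db, user_id):
    """Numeric parameter dropped into the SQL text unquoted. A stray backtick
    (the Aardvark probe) becomes an unterminated identifier, so the database
    answers with a syntax error: the tell-tale an attacker looks for."""
    sql = "SELECT id, email FROM customers WHERE id = " + user_id
    return db.execute(sql).fetchall()


def vulnerable_by_email(db, email):
    """String parameter wrapped in single quotes but otherwise pasted in.
    A value that closes the quote can rewrite the WHERE clause."""
    sql = "SELECT id, email FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()


def safe_by_id(db, user_id):
    """Parameterised: the value travels separately from the SQL text, so
    backticks, quotes and comment sequences are never parsed as SQL."""
    return db.execute(
        "SELECT id, email FROM customers WHERE id = ?", (user_id,)
    ).fetchall()


def safe_by_email(db, email):
    return db.execute(
        "SELECT id, email FROM customers WHERE email = ?", (email,)
    ).fetchall()


def probe(lookup, db, value):
    """Run one lookup with an attacker-chosen value and report what the
    attacker learns: the row count, or that the input broke the SQL syntax."""
    try:
        rows = lookup(db, value)
    except sqlite3.OperationalError:
        return "syntax-error"
    return len(rows)
```

The backtick probe is useful to an attacker precisely because the vulnerable query reports a syntax error while the parameterised one simply finds no row; the absence of that difference is what a tester checks for when verifying a fix.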
It has been discovered that the Mozilla browser is prone to a URI obfuscation weakness that may hide the true destination of a link. The problem occurs when a user@location URI is formatted so that a NULL byte follows the user value. Reportedly, when the user hovers over such a link, the browser displays only the user value rather than the entire URI. This could be combined with other URI obfuscation attacks and browser vulnerabilities to trick a user into following a malicious link.
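The Mozilla entry describes the gap between the text a status bar shows and the host a URI actually names. The following is an added example, not Mozilla code: it models the C-string truncation the advisory describes, extracts the host that would really be contacted from the authority component, and renders a link label that cannot be truncated. The sample link and the function names are constructed for the example.

```python
# Constructed sample link: a userinfo part that looks like a trusted host,
# a NUL byte, and then the host that is really contacted.
SAMPLE = "http://www.example.com\x00@evil.example/login"


def status_bar_text(uri):
    """Models the reported weakness: a status bar fed from a C string stops
    at the first NUL, so only the text before it (the userinfo) is shown."""
    return uri.split("\x00", 1)[0]


def authority(uri):
    """Authority component: everything between 'scheme://' and the first
    '/', '?' or '#'. Hand-rolled so the result does not depend on how a
    particular urllib version treats control bytes."""
    _, sep, rest = uri.partition("://")
    if not sep:
        raise ValueError("not an absolute URI")
    end = len(rest)
    for stop in "/?#":
        idx = rest.find(stop)
        if idx != -1:
            end = min(end, idx)
    return rest[:end]


def real_host(uri):
    """Host the network layer connects to: the authority after the LAST '@',
    minus any port, lowercased. Everything before '@' is only userinfo and
    has no bearing on where the request goes."""
    host = authority(uri).rpartition("@")[2]
    if host.startswith("["):  # IPv6 literal, keep the bracketed form
        return host[: host.index("]") + 1].lower()
    return host.partition(":")[0].lower()


def safe_link_label(uri):
    """Hardened rendering: percent-encode every control byte so no later
    C-string boundary can cut the text short, and return the real host
    separately so the UI can display it prominently."""
    escaped = "".join(
        "%%%02X" % ord(c) if ord(c) < 0x20 or ord(c) == 0x7F else c for c in uri
    )
    return real_host(uri), escaped
```

Showing the host from real_host() on its own, rather than trusting whatever text precedes the '@', removes the incentive for this whole family of userinfo tricks, with or without the NUL byte.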