A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negative argument may trigger a kernel panic. This could be exploited by a malicious unprivileged local user to crash a target system.
Half-Life dedicated server is prone to an information disclosure vulnerability and denial of service vulnerability. This issue presents itself due to a flaw in download functionality that is provided by the Half-Life dedicated server. A malicious attacker may exploit this functionality to download any file from the root folder of the current running game type, or from the valve folder. Successful exploitation of this issue may result in the disclosure of sensitive information, or denial of service to legitimate users.
It has been reported that NetServe may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient sanitization of user-supplied input. An attacker may traverse outside the server root directory by using '../' character sequences.
It has been reported that Auto Directory Index is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data through the 'dir' parameter, which will then be included in a dynamically generated web page. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker.
PostMaster has been reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization that is performed by the proxy service on user-supplied data. An attacker may construct a malicious HTTP request link that contains embedded HTML and script code. When this request is handled by the proxy service, the malicious HTML and script code contained in the request will be incorporated into an error page and in turn will be rendered in the browser of a user who follows the link.
Rolis Guestbook is vulnerable to an input validation issue that allows an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system.
It has been reported that phpWebFileManager may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient sanitization of user-supplied input. An attacker may traverse outside the server root directory by using '../' character sequences.
It has been reported that a cross-site scripting vulnerability may exist in WebWasher Classic that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur due to error messages returned to the user. User-supplied data is not properly sanitized therefore allowing an attacker to a construct a malicious link containing HTML or script code that may be rendered in a user's browser.
Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious link that includes hostile HTML and script code as values for URI parameters. If such a link is followed, the hostile code may be rendered in the administrator's browser. This could lead to theft of cookie-based authentication credentials, which contain the username and MD5 hash of the password, allowing for full compromise of the firewall.
It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer.
Services By CQR