It has been reported that iWeb Server is prone a directory traversal issue allowing a remote attacker to traverse outside the server root directory by using '..%5C' character sequences. Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information, which may be used to mount further attacks against a vulnerable system.
It has been reported that FlexWATCH Network Video Server may be prone to an access validation error that may allow a remote attacker to gain administrative access to the system. The problem is reported to present itself when an attacker attempts to access the administrative interface using a specially crafted URL containing two slash '/' characters. Successful exploitation of this issue may allow a remote attacker to gain administrator level privileges to the server. This may lead to user accounts and system configuration modifications.
Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in page. Exploitation of this issue could potentially result in the theft of cookie-based authentication credentials, or other attacks.
It has been reported that BEA WebLogic InteractiveQuery.jsp example application is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data in an initialization argument called 'person'. It has been reported that if an invalid value is passed to this argument, the software returns the value back to the user in a results page without proper sanitization. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.
It has been reported that Serious Sam game engine is vulnerable to a remote denial of service vulnerability due to a failure to handle exceptional conditions. This issue occurs when the client sends a certain malformed parameter to the server. This request may cause the software to consume an excessive amount of CPU cycles leading to a crash or hang.
It has been reported that LedForums is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'top_message' and 'topic' fields. This problem is due to insufficient sanitization of user-supplied input. Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
A vulnerability has reported to exist in BEA Tuxedo and WebLogic Enterprise due to Tuxedo administration console. The script is reported to accept various initialization arguments such as INIFILE that are not properly sanitized for user-supplied input. This issue may allow an attacker to carry out attacks such as denial of service, file disclosure, and cross-site scripting. An attacker may be able to determine the existence of a file outside the web server root by supplying passing various path values for INIFILE. A denial of service condition could be caused in the software by providing a device name such as CON, AUX, COM1, COM2 instead of a valid file name as one of the arguments for INIFILE. This may cause the service to crash or hang. A cross-site scripting vulnerability has also been reported to exist in the software due to insufficient santization of user-supplied input to INIFILE. This problem presents itself when an invalid file name is supplied as an argument for INIFILE. This vulnerability could be exploited to steal cookie-based credentials. Other attacks are possible as well.
It has been reported that E107 may be prone to a denial of service vulnerability. The issue has been reported to exist due to improper handling of user-supplied data in the form of HTML or script code to the 'Name:' field of Chatbox.php script. This issue may cause the software to behave in an unstable manner leading to a crash. Successful exploitation of this issue may allow an attacker to cause the software to crash or hang.
It has been reported that Centrinity FirstClass HTTP server may be prone to an information disclosure vulnerability that may allow a remote attacker to disclose listings for server root and user web directories on a vulnerable system. This issue may be exploited by appending "/Search" to the URL of the server which directs the user to a file search form. The attacker may then be able to access information about the directories by selecting all options in the form and leaving the filename field blank.
It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system(3) C-library function insecurely to run other utilities on the system. In at least one instance, system(3) is called to invoke the binary killall(1) in a manner relying on the PATH environment variable. As the environment can be set by the unprivileged user when kpopup is executed, an arbitrary executable with the filename killall(1) can be executed. Many modern shells anticipate insecure use of this function by setuid/setgid processes and drop effective privileges if they do not match the real userid/gid of the process. It may be the case that kpopup first sets its real uid and gid to 0 before calling system, making this vulnerability exploitable.
Services By CQR