It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur in the "404 Not Found" error message returned to the user in response to a request for a URL that does not exist. The error message reportedly contains the bad URL, which is not properly sanitized, allowing an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.
A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by the software, leading to a buffer overflow condition. The problem is reported to exist in the defang() function in libhttpd.c. This issue may allow an attacker to gain unauthorized access to a vulnerable host. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the web server in order to gain unauthorized access to a vulnerable system.
A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by the software, leading to a buffer overflow condition. The problem is reported to exist in the defang() function in libhttpd.c.
It has been reported that Symantec Norton Internet Security is prone to a cross-site scripting vulnerability. The issue is reported to exist when the software blocks a restricted website and an error message containing the requested URL is returned to the user. This URL is not sanitized for malicious input, allowing a remote attacker to execute HTML or script code in the browser of a user running the vulnerable software. The script code would run in the context of the blocked site. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.
Multiple buffer overrun vulnerabilities have been discovered in Musicqueue. Both issues stem from the lack of bounds checking when passing user-supplied input to the sprintf() libc function. As a result, it may be possible for an attacker to execute arbitrary code with the privileges of the affected application, which is possibly installed suid or sgid.
Les Visiteurs is vulnerable to a remote command execution vulnerability due to improper handling of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code in the lvc_include_dir parameter. This malicious code will be executed on the vulnerable system.
A problem has been identified in the iwconfig program when handling strings on the command line. Because of this, a local attacker may be able to gain elevated privileges.
This program is vulnerable to a buffer overflow attack due to the lack of proper input validation. By supplying a long string as an argument, an attacker can overwrite the return address of the program and execute arbitrary code.
A problem has been identified in the iwconfig program when handling strings on the command line. Because of this, a local attacker may be able to gain elevated privileges. The exploit code is written in C and uses shellcode to gain root privileges.