Explore Vulnerabilities

Explore all Exploits:

Macromedia Flash Player Predictable Location Vulnerability

Macromedia Flash Player is reported to store Flash cookies (.sol files) in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable location, such as referencing the content via a file:// URI. This is compounded by the fact that an attacker could include HTML and script code in the cookie, which may be interpreted by Internet Explorer or possibly other browsers. In the example of Internet Explorer, such content would be interpreted in the context of the Local Zone. Successful exploitation would still require the attacker to guess the local username of the victim.

Musicqueue Local Root Exploit

A vulnerability has been reported for Musicqueue. The problem specifically occurs within a signal handling procedure invoked when a segmentation violation occurs. The procedure invokes a library function, passing it a predictable filename to create within the system's temporary directory. As a result, an attacker may be capable of launching a symbolic link attack, effectively overwriting the contents of a potentially system-critical file with the contents of the created file. This could theoretically lead to a denial of service condition, or in some cases privilege elevation.

Red Hat Apache Configuration Directory Listing Vulnerability

The Red Hat Apache configuration may allow an attacker to view directory listings when an attacker issues an HTTP GET request to a vulnerable server containing '//' characters, evading the rule designed to prevent Apache from displaying directory listings with a request for '/'. The server is reported to disclose directory listings even when autoindex for the root directory has been disabled and a default welcome page is supposed to be displayed.

Directory Traversal

A directory traversal vulnerability exists in the handling of some characters by sh-httpd. An attacker can exploit this vulnerability by sending specially crafted HTTP requests containing directory traversal sequences such as '../' to the vulnerable server. This can allow the attacker to gain unauthorized access to sensitive information such as configuration files, source code, and other system files.

Chi Kien Uong Guestbook Cross-Site Scripting Vulnerability

It has been reported that Chi Kien Uong Guestbook may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The problem is reported to present itself due to insufficient sanitization of user-supplied data when posting an e-mail address or URL to the site. It has been reported that double quotes are not filtered; therefore, an attacker may be able to append malicious script code in order to be executed on a victim's web browser. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information.

Java Virtual Machine Security Manager Vulnerability

A vulnerability exists in the Sun Microsystems Java Virtual Machine when implementing the Security Manager. An attacker can exploit this vulnerability to crash the virtual machine by creating a class that extends the SecurityManager class and calling the classDepth() method with a null argument.

Opera Web Browser Local Zone Security Model Vulnerability

A flaw in the Opera web browser's security model has been discovered that could allow an attacker to access a user's filesystem within the Local Zone. The problem occurs when handling malformed HTML iframes which point to local system locations. Exploitation of this vulnerability could result in the exposure of sensitive data or could potentially lead to the corruption of system-critical files.

Apache Cocoon Directory Traversal Vulnerability

It has been reported that Apache Cocoon may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/./../' character sequences. The issue is caused by insufficient sanitization of user-supplied input to the 'filename' parameter in the sample 'view-source' script. This vulnerability may be successfully exploited to gain sensitive information about a vulnerable host that could be used to launch further attacks against the system.

Sun Java Virtual Machine Vulnerability

A vulnerability has been identified in the Sun Java Virtual Machine packaged with JRE and SDK. This issue results in the circumvention of the Java Security Model, and can permit an attacker to execute arbitrary code on vulnerable hosts. An attacker can exploit this issue by creating a malicious applet and hosting it on a malicious web server. When a vulnerable user visits the malicious web server, the malicious applet will be executed on the user's system.

Coreutils ‘ls’ Integer Overflow Vulnerability

Coreutils 'ls' has been reported prone to an integer overflow vulnerability. The issue reportedly presents itself when handling width and column display command line arguments. It has been reported that excessive values passed as a width argument to 'ls' may cause an internal integer value to be misrepresented. Further arithmetic performed on this misrepresented value may have unintentional results. Additionally, it has been reported that this vulnerability may be exploited in software that implements and invokes the vulnerable 'ls' utility to trigger a denial of service in the affected software.
