Bytehoard is prone to directory traversal attacks, which could allow remote attackers to gain unauthorized access to sensitive files hosted on the system running the software. An example of this attack is demonstrated in the URL provided, which attempts to access the /etc/passwd file.
An SQL injection vulnerability has been reported in the Geeklog 'forgot password' feature (introduced in Geeklog 1.3.8). Due to insufficient sanitization of user-supplied input, it is possible for remote attackers to influence database queries. This could result in compromise of the Geeklog installation or attacks against the database. An example exploit is provided in the form of a shell script which sends a malicious HTTP request to the vulnerable server.
GoldLink is prone to SQL injection attacks due to insufficient validation of values supplied via cookies. This may allow attackers to manipulate SQL queries, potentially resulting in information disclosure, bulletin board compromise or other consequences. An example of the attack is using the vadmin_login and vadmin_pass values of ' OR Login LIKE '% and ' OR Password LIKE '% respectively.
It has been reported that a remote attacker may construct a malicious link containing script and HTML code to any one of the vulnerable demonstration scripts or servlets on the affected server. If this link is followed, the code contained therein will be rendered in the browser of the user who followed the link.
It has been reported that Macromedia ColdFusion MX may be prone to a cross-site scripting vulnerability due to improper handling of error messages generated by the underlying database. This problem may be exploited by an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link. If successful, an attacker may obtain access to cookie-based authentication credentials that may lead to other attacks.
Microsoft has reported the existence of a local buffer overrun vulnerability in an undisclosed User32.dll library function. This function is used by applications that use ListBox or ComboBox controls and will be triggered when the program encounters specific types of Windows messages. This issue poses a security risk when a privileged application is running in the environment of an unprivileged user. Because a program can transmit a Windows message to another process, an attacker may be capable of exploiting this buffer overrun to gain privileged access to a system.
When certain non-HTTP request types are handled by the Tomcat HTTP connector, the Tomcat server will reject subsequent requests on the affected port until the service is restarted. A proof-of-concept exploit is available which sends a malicious request to the Tomcat Admin Port, causing the page to become inaccessible.
WrenSoft Zoom Search Engine is prone to a cross-site scripting issue in the software's search module. A remote attacker may be able to execute HTML or script code in a user's browser by constructing a malicious link containing that code, which may be rendered in the user's browser upon visiting the link.
WinSyslog is prone to a remotely exploitable denial of service vulnerability. The issue exists in the Interactive Syslog Server specifically. This occurs when the program receives multiple excessive syslog messages via the port it listens on (10514/UDP by default). This is also reported to cause system instability, which is likely due to resource exhaustion.
A vulnerability has been reported to exist in the mIRC client that may allow a remote attacker to crash a vulnerable mIRC client. The condition is most likely present due to insufficient boundary checking performed on 'DCC SEND' requests. It has been reported that when received, a malicious 'DCC SEND' request can trigger a fatal error and cause an affected mIRC client to crash.