A buffer overflow condition has been reported in top when handling environment variables of excessive length. This may result in an attacker potentially executing arbitrary code.
WebCalendar is vulnerable to an information disclosure issue which allows an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process. This can be done by sending a specially crafted HTTP request to the vulnerable server, such as http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd.
It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user.
The Drupal content management system is prone to a cross-site scripting vulnerability. This issue is exposed through the main page and through other sub-pages. An attacker may exploit this issue by including hostile HTML and script code in a malicious link to Drupal. This code may be rendered in the web browser of a user who visits the link.
A stack overflow vulnerability has been reported for the queue-pr utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option. Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.
SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a Simpnews URI variable. This variable is used in the include path for several SimpNews configuration scripts. By influencing the include path so that it points to a malicious PHP script on a remote system, it is possible to cause arbitrary PHP code to be executed.
Remote users may be able to send an HTTP request to a Witango server with a cookie containing a specific variable set to an excessively large value. Remote code execution is possible.
It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.
It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation. It may be possible for local attackers to conduct format string-based attacks as well as buffer overflow-based attacks. It should be noted that although BRU does not ship with the suid bit set by default, documentation within the software may instruct users to enable it.
Ultimate Bulletin Board has been reported to be vulnerable to HTML injection due to a lack of sanitization performed on cookie data. A remote authenticated attacker may modify fields of an Ultimate Bulletin Board cookie, and embed HTML code into several of the fields contain therein. The attacker may then use the cookie to inject HTML code into the affected forum, which will be rendered when the forum overview page or latest posts overview page are viewed.
Services By CQR
