IRCnet IRCD has been reported prone to a buffer overflow vulnerability that may be exploited by local users. This issue may be exploited to crash the affected server. Although unconfirmed, due to the nature of this vulnerability it has been conjectured that a local attacker may also leverage this condition to potentially have arbitrary instructions executed in the context of the affected server.
It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs because the program fails to verify the location from which it includes the util.php script when handling specific requests to index.php. As a result, an attacker may be capable of having arbitrary PHP script code executed on the remote host with the privileges of the web server.
It has been reported that dtprintinfo, installed setuid root by default, is susceptible to a locally exploitable buffer overflow vulnerability. The condition is triggered when the value of the DISPLAY environment variable is set to a string exceeding 9777 bytes in length. The vulnerability may allow for local attackers to gain root privileges on the affected host.
A problem has been reported in the handling of overly long HTTP version string data by Centrinity FirstClass. Because of this, it may be possible for an attacker to deny service to legitimate users of a vulnerable system. This may be due to an exploitable boundary condition error, though this is not confirmed. This exploit uses a ptr overflow to remotely shut down the Internet Services of FirstClass.
Geeklog is prone to multiple HTML Injection vulnerabilities due to a lack of sufficient sanitization performed on data that is parsed from forum interface form fields. An attacker with sufficient privileges to create a forum post may use the forum form fields as a conduit to inject malicious HTML and script code into dynamic Geeklog content. The malicious HTML may be rendered in the browser of an unsuspecting user who views the malicious post, leading to code execution in the context of the affected site.
PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remote PHP script, which will be executed in the context of the web server hosting the vulnerable PayPal Store Front software.
It has been reported that Medieval Total War may be prone to a denial of service vulnerability. The issue is caused when an attacker sends a malformed value for nickname consisting of 0 Unicode characters to the server during the initial authentication process. Exploitation of this issue results in all users receiving a 'Connection expired' message before leading to a crash of the server.
Adobe SVG Viewer (ASV) is prone to an issue in the implementation of the getURL() and postURL() methods. These methods are designed to prevent access to URIs in a foreign domain or local files. However, by using a redirect when calling these methods, it is possible to bypass these restrictions. This could be exploited to read local or remote files, potentially exposing sensitive information and allowing for theft of cookie-based authentication credentials.
A problem exists in the SuSEWM configuration file used by SuSEConfig. Because of this, it may be possible for a local attacker to gain elevated privileges. This exploit creates a symbolic link in the /tmp directory which can be used to gain root privileges when Yast2 is run.