It has been reported that Cisco LEAP (Lightweight Extensible Authentication Protocol) is prone to a password disclosure weakness that may allow a remote user to steal user passwords. The issue may be exploited by brute-forcing user passwords using dictionary attacks. Successful exploitation of this weakness may allow a remote attacker to steal authentication information, potentially allowing for unauthorized network access.
It has been reported that EarthStation 5 is prone to a file deletion vulnerability that may allow a remote attacker to delete arbitrary files on a vulnerable system. The problem is reported to exist in the 'Search Service' packet handler employed by the software. An attacker may exploit this issue by sending packet 0Ch and sub-function 07h to a client running the vulnerable version of the software. Successful exploitation of this issue may allow an attacker to delete files in the shared folder or sensitive files on the system in the context of the user running the vulnerable software. This issue could lead to a denial of service condition causing the system to crash or hang.
A vulnerability has been discovered in the Microsoft Windows operating system. The flaw lies in the way that processes handle messages sent from another process via the PostThreadMessage() API call. Reports indicate that, if a running process has a message queue and is sent one of three different messages, the process may terminate. This termination will occur despite any security level differences between processes, as well as any safeguards to prevent this behaviour, such as requiring a password before the process is killed.
It has been reported that MPWeb PRO may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/./../' character sequences. The issue is caused by insufficient sanitization of user-supplied input. This vulnerability may be successfully exploited to gain sensitive information about a vulnerable host that could be used to launch further attacks against the system.
MPNews PRO is prone to an information disclosure vulnerability due to failing to sufficiently filter specific dot-dot-slash sequences (../). This allows an attacker to view the contents of files located outside of the established web root.
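The two MPWeb PRO and MPNews PRO entries above describe the same root cause: '../' and '/./../' sequences in a request path are not filtered before the path is resolved under the web root. The following is an added example, not code from either product, showing a containment check that defends against both forms: it URL-decodes the request once, collapses '.' and '..' components, and then verifies the result still lies under the configured root. The web root and request paths are constructed sample values.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample web root; not a path from either advisory.
WEB_ROOT = "/var/www/html"


def resolve_request_path(web_root: str, request_path: str):
    """Return the normalized absolute path for request_path if it stays inside
    web_root, otherwise None.

    Rejecting individual substrings such as '../' is fragile (the advisories show
    '/./../' slipping through a '../' filter). Normalizing first and then checking
    containment handles every spelling of the same traversal.
    """
    # Decode percent-encoding once, so '%2e%2e/' is seen as '../' before checking.
    decoded = unquote(request_path)
    # NUL bytes can truncate the path at the OS layer; never pass them on.
    if "\x00" in decoded:
        return None
    # Treat the request as relative to the root regardless of leading slashes.
    relative = decoded.lstrip("/")
    # Collapse '.' and '..' components (the sequences the products failed to filter).
    candidate = posixpath.normpath(posixpath.join(web_root, relative))
    root = posixpath.normpath(web_root)
    # Containment: candidate must be the root itself or a path strictly beneath it.
    # The trailing '/' prevents '/var/www/html_old' from matching '/var/www/html'.
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def classify_requests(web_root: str, requests):
    """Map each request path to its resolved path or None (rejected)."""
    return {req: resolve_request_path(web_root, req) for req in requests}


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, the rest traversal attempts
    # in the plain, dotted and percent-encoded forms.
    sample = [
        "news/index.html",
        "../../../etc/passwd",
        "/./../../../etc/passwd",
        "news/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    ]
    for req, resolved in classify_requests(WEB_ROOT, sample).items():
        print(f"{req!r:45} -> {'REJECTED' if resolved is None else resolved}")
```

Only the first sample request resolves; the three traversal variants normalize to a path outside the root and are rejected by the same check, which is the property the per-sequence filters in the advisories lacked.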
It has been reported that Atrise Everyfind is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the search module of the software. This issue may allow a remote attacker to execute HTML or script code in a user's browser. Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks may well be possible.
Multiple SQL injection vulnerabilities have been discovered that affect DCP-Portal scripts. These issues are likely due to a lack of sufficient sanitization performed on user-supplied URI parameters. Attacks have been demonstrated that inject partial SQL queries, as values for URI parameters, in a manner that influences DCP-Portal SQL query logic to the attacker's benefit. An attacker may exploit these conditions to disclose DCP-Portal credentials, reset user passwords, or perform a denial-of-service-type attack via email spamming.
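The DCP-Portal entry describes the general pattern of a URI parameter being concatenated into query text. The following is an added example, not DCP-Portal code, that places the concatenating lookup beside a parameterized one against a constructed in-memory SQLite table, so the difference in behaviour on a partial-query value can be observed directly. The table, usernames and e-mail addresses are all constructed sample data.

```python
import sqlite3


def build_demo_db():
    """Create a constructed in-memory users table (sample data, not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    conn.commit()
    return conn


def lookup_email_unsafe(conn, username):
    """Vulnerable pattern: the URI parameter becomes part of the SQL text, so any
    quote in it changes the query's logic rather than being compared as data."""
    query = f"SELECT email FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_email_safe(conn, username):
    """Hardened pattern: the value is bound as a parameter; the database driver
    treats it purely as data, whatever characters it contains."""
    query = "SELECT email FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


if __name__ == "__main__":
    db = build_demo_db()
    # A normal value behaves identically in both lookups.
    print("normal, unsafe:", lookup_email_unsafe(db, "alice"))
    print("normal, safe:  ", lookup_email_safe(db, "alice"))
    # A value carrying a partial query alters the concatenated statement's WHERE
    # clause and discloses every row; the parameterized lookup matches nothing.
    partial_query = "' OR '1'='1"
    print("injected, unsafe:", lookup_email_unsafe(db, partial_query))
    print("injected, safe:  ", lookup_email_safe(db, partial_query))
```

Parameter binding is the fix the advisory's root cause points to; escaping the input by hand is the fragile alternative, because each database and character set has its own quoting rules.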
A local buffer overrun vulnerability has been reported for Silly Poker. The problem occurs due to insufficient bounds checking when handling user-supplied data. As a result, an attacker may be capable of controlling the execution flow of the sillypoker program and effectively executing arbitrary code with elevated privileges.
It has been reported that the Gamespy 3D IRC client may be prone to a remote buffer overflow vulnerability due to insufficient boundary checking. The issue is reported to present itself when the client attempts to connect to a remote IRC server. During the connection process the client is reported to send USER and NICK requests to the server. A buffer overflow condition may occur if the server responds with a request that is larger than or equal to 262 bytes. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the client in order to gain unauthorized access to a vulnerable system.
It has been reported that Half-Life clients may be prone to a format string vulnerability. The problem occurs when an invalid command is issued to the server, and an error response is returned and displayed by the client. If a format specifier were included within the invalid command, when displaying the error the format specifier would be interpreted literally. This could potentially be exploited by a remote attacker to execute arbitrary code with the privileges of the Half-Life client.