The issue presents itself when the affected server receives and processes a malformed UDP datagram. Reportedly, when the server handles a UDP datagram containing malformed data, an exception will be thrown and the StarSiege Tribes Game Server will crash. Service will be denied to currently connected users of the system.
It has been reported that remote users may be able to obtain sensitive information from Asus ADSL routers. It is possible to request files from the built-in Web server that contain information such as usernames, passwords and other configuration information.
It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET requests. Arbitrary code execution may be possible.
A vulnerability has been reported in htmltonuke, a web-based content management system, that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable script. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a user. The URL would contain a malicious script that would be executed in the user's browser.
ASP-DEV Discussion Forum contains a vulnerability that exposes potentially sensitive information, allowing an attacker to gain access to user credentials. User credentials are stored in the sub-directory http://www.example.com/forum/admin/user_data/.
It has been reported that the FTP gateway component within the gopherd server is prone to a buffer overflow vulnerability. This vulnerability may be present due to a failure to perform bounds checking when processing long filenames returned from the FTP LIST command. This could permit code execution in the context of the software. Exploitation is made moderately easy by gopherd, because the buffer that holds the string is 8192 bytes and is on the stack, meaning the number of NOPs used can be around 7500.
Mabry Software HTTPServer/X is prone to directory traversal attacks. This could be exploited by a remote attacker to gain access to sensitive files on a system hosting the web server implementation.
A buffer overflow vulnerability has been reported in IglooFTP. The vulnerability occurs when IglooFTP is parsing 'Welcome' banner messages from remote FTP servers. When IglooFTP receives an FTP banner exceeding a certain length, it will trigger the overflow condition. This could allow for execution of malicious code in the context of the FTP client.
It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote attackers to embed SQL commands which are to be passed to the underlying database engine.
ChangshinSoft ezTrans Server is prone to an arbitrary file disclosure vulnerability. This vulnerability is due to a lack of proper input validation in the download.php script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request will contain a maliciously crafted filename parameter that will allow the attacker to view arbitrary files on the server. This may result in the disclosure of potentially sensitive information.