A problem in the handling of large requests supplied with certain flags has been reported in Maj-Jong. Because of this, it may be possible for a local attacker to gain elevated privileges.
It has been discovered that WebFS is prone to a buffer overrun vulnerability when handling path names of excessive length. As a result, an attacker may be capable of triggering the condition and overwriting sensitive memory with malicious data. This could ultimately allow for the execution of arbitrary code with the privileges of the WebFS HTTP server.
A-Cart has been reported prone to a cross-site scripting vulnerability. The issue is likely due to a lack of sufficient sanitization of data contained in the 'msg' URI parameter that is passed to signin.asp. An attacker could exploit this condition to render arbitrary HTML in the browser of a victim, stealing cookie authentication credentials or performing other nefarious acts.
Geeklog is prone to multiple vulnerabilities, including cross-site scripting and SQL injection issues. Exploitation of these issues could permit unauthorized access to user accounts and sensitive information.
It has been reported that one of the scripts included with GuppY is vulnerable to an HTML injection attack. The script, 'postguest.php', does not perform input validation to prevent the inclusion of HTML/script content in messages posted to the portal by remote clients. The flaw is present in the implementation of the '[c]' tag, which can be used by users posting messages in the forum or in the guestbook components of GuppY portals. An example of the exploit is '[c=expression(alert('unsecure'))]texte[/c]'.
Savant Web Server is prone to a denial of service vulnerability. The server reportedly goes into an infinite loop upon receipt of a specially crafted HTTP GET request that causes the server to repeatedly redirect to the default page.
ZoneAlarm was found vulnerable to a serious flaw leading to a remote denial of service condition due to a failure to handle random UDP packets. If an attacker sends multiple UDP packets to multiple ports 0-65000, the machine will hang until the attacker stops flooding.
A problem in the handling of data in the HOME environment variable has been reported in the marbles program. This may make it possible for a local attacker to gain elevated privileges. An attacker can exploit this vulnerability by setting the HOME environment variable to a buffer of 30000 bytes, containing a return address of 0xbffff70c, followed by 2000 bytes of NOP instructions and the shellcode. This will cause the program to execute the shellcode when it is run.
sbox has been reported prone to a path disclosure vulnerability. The issue has been reported to present itself when an HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an error message that contains path information. Information contained in this error message may aid an attacker in further attacks mounted against a vulnerable system.
A vulnerability has been discovered in MPlayer when handling malformed streaming ASX file headers. The problem occurs due to insufficient bounds checking performed within asf_http_request(). It has been demonstrated that it is possible for a remote attacker to provide a malicious streaming ASX file that will overrun the bounds of a reserved buffer, when a vulnerable version of MPlayer is used to interpret the file. Remote arbitrary code execution has been confirmed possible.