
Explore Vulnerabilities


Explore all Exploits:

A problem with the handling of directory traversal requests has been identified in Software602 602Pro LAN SUITE 2003

A directory traversal vulnerability exists in Software602 602Pro LAN SUITE 2003, which allows an attacker to gain access to potentially sensitive information. This is done by sending a specially crafted HTTP request to the webmail server, such as http://www.example.com/mail/m602cl3w.exe?A=GetFile&USER=7921604D7A587937986E24242C0588&DL=0&FN=../../../boot.ini, where USER signifies the current webmail user's username.

A problem with the storage of user credentials has been identified in Software602 602Pro LAN SUITE 2003

Software602 602Pro LAN SUITE 2003 stores user credentials in plaintext in the S030904L.LOG file. An attacker can gain access to this file and view the credentials, potentially allowing them to gain access to the system.

cfengine Buffer Overrun Vulnerability

cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds checking of data that is read in during a transaction with a remote user. The vulnerability may be exploited to execute arbitrary code with the privileges of cfservd. A denial of service may also be the result of exploitation attempts as cfservd is multi-threaded and may not be configured to restart itself via a super-server such as inetd.

cfengine Stack-Based Buffer Overrun Vulnerability

cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds checking of data that is read in during a transaction with a remote user. The vulnerability may be exploited to execute arbitrary code with the privileges of cfservd. A denial of service may also be the result of exploitation attempts as cfservd is multi-threaded and may not be configured to restart itself via a super-server such as inetd.

Null HTTPd Denial of Service

Null HTTPd is prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTPd server. It has been reported that a remote attacker may make a malicious HTTP POST request, specifying a 'Content-Length' value in the HTTP header and then sending data that amounts to 1 byte less than the specified Content-Length. This will reportedly leave each connection on the server in an open state. An attacker can exploit this condition to trigger a denial of service of the affected server.

Null HTTPd Cross-Site Scripting Vulnerability

It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script code in a user's browser. The issue was previously reported and fixed (BID 5603); however, an attacker may send a long HTTP request to the software, which may overwrite memory containing the fix for the cross-site scripting issue. As a result, an attacker may bypass the check for cross-site scripting and construct a link containing malicious HTML and script code to be rendered in a user's browser upon visiting that link. Successful exploitation of this issue may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.

yMonda Thread-IT HTML Injection Vulnerability

It has been reported that yMonda Thread-IT is prone to an HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'Topic Title', 'Name', and 'Message' fields. This problem is due to insufficient sanitization of user-supplied input. Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.

TCLHttpd Cross-Site Scripting Vulnerabilities

It has been reported that several of the modules included with TCLHttpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these vulnerabilities. Four instances of this vulnerability have been pointed out, all appearing to be in the Debug module. These vulnerabilities may allow an attacker to execute script code in the context of another client session. Cookie theft and content modification attacks are possible.

TCLHttpd Directory Traversal Vulnerability

It has been reported that a vulnerability present in TCLHttpd allows attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is inadequate and can be evaded easily by specifying the absolute path of the requested directory.

Gauntlet Firewall SQL gateway Denial of Service Vulnerability

It is possible to trigger a denial of service condition in Gauntlet Firewall SQL gateway (sql-gw) by making multiple connections to the port which the service listens on. This issue was reported for Gauntlet Firewall version 6, running on Solaris. Other versions may also be affected.

Recent Exploits: