It is reportedly possible to reproduce this condition by sending a flood of UDP packets of random sizes to random ports on a system hosting the vulnerable software.
An information leakage issue has been discovered in Check Point Firewall-1. Because of this, an attacker may gain sensitive information about network resources.
It has been reported that multiple PC2Phone products are prone to a remote denial of service condition. The problem is said to occur when processing excessive data passed to the programs via a UDP packet and could result in the product crashing. This could result in an established conversation prematurely ending, or potentially other attacks.
Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-supplied input for directory traversal sequences (../) supplied to the 'sitebuilder.cgi' script, thus making it possible to access files outside of the established web root.
TSguestbook is prone to HTML injection attacks due to insufficient sanitization of user-supplied input within the 'message' field. An attacker may post a guestbook entry including malicious HTML or script code within the said field, which could result in the execution of arbitrary code within the browser of an unsuspecting guestbook user.
The 'invitefriends.php3' script of Ezboard has been reported prone to cross-site scripting attacks. The issue occurs due to a lack of sufficient sanitization performed on user-supplied URI parameters. This issue could be exploited to cause hostile HTML and script code to be rendered in the browser of a user who is enticed to visit a malicious link to the vulnerable script.
The 'wgate.dll' componenet of SAP Internet Transaction Server has been reported prone to cross-site scripting attacks. The issue occurs due to a lack of sufficient sanitization performed on data supplied to the 'wgate.dll' library. Exploitation could allow theft of cookie-based authentication credentials or other attacks.
SAP is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of sensitive files. The problem occurs due to the application failing to parse user-supplied input for directory traversal sequences (../) and due to correct bounds checking verification, making it possible to bypass the appending of the .html exentsion to requested files. As a result, it may be possible to access sensitive files residing outside of the requested location.
SAP Internet Transaction Server (SITS) is vulnerable to an information disclosure attack due to the server disclosing sensitive local filesystem information when handling malformed requests. An attacker can submit a request containing invalid values and receive an error response message in return, which may contain sensitive information.
File Sharing for Net is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-supplied input for directory traversal sequences (../), thus making it possible to access files outside of the established web root.
Services By CQR