Meteor FTP Server is prone to a memory corruption vulnerability that can be triggered by a malicious client via an overly long value for the FTP USER command. This could be exploited to cause a server crash and potentially execute arbitrary code in the context of the affected server.
It has been reported that a cross-site scripting vulnerability exists in the Downloads and Web_Links modules of PostNuke. It is possible that an attacker may construct a link containing malicious script code that could be executed in the browser of a user who visits the link. Exploitation could allow theft of authentication cookies.
A problem in the handling of long strings in environment variables by xpcd may result in a buffer overflow condition. This may allow an attacker to gain unauthorized access to system resources. An attacker can exploit this vulnerability by crafting a malicious string and passing it as an argument to the xpcd binary. This will cause a buffer overflow and overwrite the return address on the stack, allowing the attacker to execute arbitrary code.
C-Cart is prone to a path disclosure vulnerability. Passing invalid data as a URI parameter to several C-Cart scripts will cause an error message to be displayed, which contains installation path information.
A directory traversal vulnerability exists in the Sun ONE Administration Server due to insufficient input validation. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the server, which contains directory traversal sequences such as '../../../../etc/passwd'. This will allow the attacker to access sensitive information, such as the server's password file.
The issue presents itself due to a lack of sufficient sanitization performed by functions in the error.asp script on user-influenced URI parameters. This vulnerability may be exploited to permit the theft of cookie authentication credentials if a malicious link is followed. Other attacks may also be possible.
D-Link DI-704P has been reported prone to a remote denial of service vulnerability. The issue presents itself when a request of excessive length is sent to the router. This causes the device to behave in an unstable manner. Malicious requests may result in a complete denial of service condition requiring a device reboot, or the loss of the ability to log in to the administration interface. Although unconfirmed, it should be noted that other D-Link devices that use related firmware might also be affected.
IBM DB2 ships with a number of shared libraries, stored in a directory owned by the user and group 'bin'. As setuid root utilities are linked to these libraries, their ownership by a user and group of a lower privilege level constitutes a vulnerability. If an attacker can obtain user or group bin privileges, the shared libraries can be overwritten with malicious replacements designed to obtain root privileges from the setuid root utilities that use them.
IBM's DB2 database ships with a utility called db2job, installed with permissions 4550 and owned by root.db2asgrp. It has been reported that db2job writes to a number of files with root privileges. The files written to are created with 0770 permissions (owner, group writeable) and are owned by root.db2asgrp. If a symbolic link is written to, the file pointed to will be overwritten and given these permissions. This can be exploited by local attackers with execute privileges to gain root access by writing malicious data to sensitive files (such as /etc/passwd, /etc/shadow) that have been overwritten.
EveryBuddy is prone to a denial of service vulnerability when handling instant messages of excessive length. This could be exploited with a malicious instant messaging client. This condition may be due to a buffer overflow, though this has not been confirmed.