Novell NetWare Enterprise Web Server cgi2perl.nlm has been reported prone to a buffer overflow vulnerability. The issue is likely due to insufficient bounds checking performed on user-supplied data. It has been reported that a remote attacker may send data in a manner sufficient to trigger the condition and cause one or more server ABEND conditions.
moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a moregroupware URI variable. This variable is used in the include path for several moregroupware configuration scripts. By influencing the include path so that it points to a malicious PHP script on a remote system, it is possible to cause arbitrary PHP code to be executed.
A problem in the 3Com 812 OfficeConnect has been reported that may result in the router becoming unstable. Because of this, an attacker may be able to deny service to legitimate users of the vulnerable router by submitting an excessively long request.
A vulnerability has been reported in the MySQL AB ODBC (Open Database Connectivity) driver implementation. The MySQL ODBC driver reportedly stores the plain text credentials used to connect to the specified database in the system registry. These credentials may be disclosed and used to connect to the target database. Other ODBC drivers may also be prone to the same issue, though this is not confirmed.
Savant web server has been reported prone to multiple denial of service vulnerabilities. Reportedly, a remote attacker may issue many HTTP requests in succession against the Savant web server and cause the service to fail. Additionally, a remote attacker may make an HTTP request of excessive length, which will also reportedly cause the service to fail.
cgitest.html has been reported prone to cross-site scripting attacks. The issue occurs due to a lack of sufficient sanitization performed on data supplied to the cgitest.html script. This issue could be exploited to cause hostile HTML and script code to be rendered in the browser of a user who is enticed to visit a malicious link to the vulnerable script.
A buffer overflow condition has been reported in top when handling environment variables of excessive length. This may result in an attacker potentially executing arbitrary code.
WebCalendar is vulnerable to an information disclosure issue which allows an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process. This can be done by sending a specially crafted HTTP request to the vulnerable server, such as http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd.
It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user.
The Drupal content management system is prone to a cross-site scripting vulnerability. This issue is exposed through the main page and through other sub-pages. An attacker may exploit this issue by including hostile HTML and script code in a malicious link to Drupal. This code may be rendered in the web browser of a user who visits the link.