A stack overflow vulnerability has been reported for the queue-pr utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option. Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.
SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a SimpNews URI variable. This variable is used in the include path for several SimpNews configuration scripts. By influencing the include path so that it points to a malicious PHP script on a remote system, it is possible to cause arbitrary PHP code to be executed.
Remote users may be able to send an HTTP request to a Witango server with a cookie containing a specific variable set to an excessively large value. Remote code execution is possible.
It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.
It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation. It may be possible for local attackers to conduct format string-based attacks as well as buffer overflow-based attacks. It should be noted that although BRU does not ship with the suid bit set by default, documentation within the software may instruct users to enable it.
Ultimate Bulletin Board has been reported to be vulnerable to HTML injection due to a lack of sanitization performed on cookie data. A remote authenticated attacker may modify fields of an Ultimate Bulletin Board cookie, and embed HTML code into several of the fields contained therein. The attacker may then use the cookie to inject HTML code into the affected forum, which will be rendered when the forum overview page or latest posts overview page is viewed.
It has been alleged that .netCART fails to adequately protect the contents of a directory in a default install. It is therefore reportedly possible for remote users to request an XML file from this directory. This could expose sensitive information stored in this file, including authentication credentials, to remote attackers.
Under certain configurations, UniVerse allows the 'uvadm' user to perform certain administration tasks for the software. It has been reported that the uvadmsh binary does not perform bounds checking when parsing command-line arguments. While this vulnerability was reported in UniVerse version 10.0.0.9, previous versions are likely vulnerable as well. An attacker can exploit this vulnerability by passing a specially crafted argument to the uvadmsh binary, which can lead to a segmentation fault.
ISA server will output certain error pages when requests that are invalid, for whatever reason, are transmitted through it. These error pages will contain cross-site scripting vulnerabilities that allow for the execution of script code (embedded in the request URI) in the context of client requested domains. The exploit provided for BID 4486 will also reportedly work for this vulnerability. An additional proof-of-concept was supplied by 'http-equiv@excite.com' <1@malware.com> that demonstrates a true status and a false destination.
It has been reported that the uvrestore binary does not perform bounds checking when parsing command-line arguments. Because this binary is installed with suid root privileges by default, local attackers may be able to exploit this vulnerability to elevate privileges. While this vulnerability was reported in UniVerse version 10.0.0.9, previous versions are likely vulnerable as well.