A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system. This issue may be exposed on other ports that the RPC Endpoint Mapper listens on, such as TCP ports 139, 135, 445 and 593. This has not been confirmed. Under some configurations the Endpoint Mapper may receive traffic via port 80.
A vulnerability has been reported in the IBM U2 UniVerse uvadmsh program that could permit the uvadm user to execute arbitrary code with elevated privileges. The -uv.install option of the vulnerable program allows a user to specify an arbitrary path to a file. In cases where uvadmsh is installed setuid root, this could be abused to run an executable file of the attacker's choosing.
PHP is prone to an issue that may allow programs to bypass Safe Mode by calling external files in restricted directories using include() and require(). The problem is known to occur when the safe_mode_include_dir PHP directive is not defined. A logic error reportedly exists which could result in PHP failing to run a security check when attempting to access a file via an include() or require() call, potentially bypassing the Safe Mode model. This could allow unauthorized access or policy bypass in environments that use Safe Mode, such as in cases where a web server resource is shared by multiple users.
The HTTP component of NetSuite has been reported prone to a directory traversal vulnerability. Various combinations of encoded directory traversal sequences may be used to break out of the web root directory. Attackers may gain access to files that are readable by the web server as a result.
Splatt Forum has been reported prone to an HTML injection vulnerability. An attacker may save a Splatt Forum post form and modify it so that the post icon value contains arbitrary attacker-supplied HTML code. As a result, a malicious user may have the ability to submit a post to the site containing embedded script code.
BlazeBoard fails to adequately protect the contents of a directory in a default install, allowing remote users to request files from this directory. This could expose sensitive information stored in this directory to remote attackers.
The issue presents itself when the affected server receives and processes a malformed UDP datagram. Reportedly, when the server handles a UDP datagram containing malformed data, an exception will be thrown and the StarSiege Tribes Game Server will crash. Service will be denied to currently connected users of the system.
It has been reported that remote users may be able to obtain sensitive information from Asus ADSL routers. It is possible to request files from the built-in Web server that contain information such as usernames, passwords and other configuration information.
It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET requests. Arbitrary code execution may be possible.
A vulnerability has been reported in htmltonuke, a web-based content management system, that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable script. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a user. The URL would contain a malicious script that would be executed in the user's browser.