MyServer has been reported to be prone to denial of service attacks when handling certain malformed URIs. This could be exploited to deny availability of web services to legitimate users.
cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be rendered in their browser in the context of the site hosting cPanel.
It has been reported that the Mailwatch plugin for GKrellM is vulnerable to a remotely exploitable buffer overflow. This may permit the execution of arbitrary code with the privileges of the GKrellM program. Proof of Concept code for a buffer overflow in the gkrellm plugin gkrellm-mailwatch 2.4.2 is provided. The overflow occurs when processing the 'From' (not 'From:') field of the email. This is remotely exploitable if you can pass shellcode through the mail servers without it getting foobar'ed in the process.
IglooFTP PRO for Windows platforms has been reported prone to multiple buffer overrun vulnerabilities. The issue likely presents itself due to a lack of sufficient bounds checking performed on data that is copied into a reserved internal memory buffer. Remote arbitrary code execution has been confirmed.
IglooFTP PRO for Windows platforms has been reported prone to multiple buffer overrun vulnerabilities. The issue likely presents itself due to a lack of sufficient bounds checking performed on data that is copied into a reserved internal memory buffer. Remote arbitrary code execution has been confirmed. It should be noted that although this vulnerability has been reported to affect IglooFTP PRO version 3.8, other versions might also be affected.
rundll32.exe has been reported prone to a buffer overflow vulnerability. The condition has been reported to be triggered when an excessive string is passed to the vulnerable application as a routine name for a module. Exploitation of this issue may be hindered, due to the fact that user-supplied data is converted to Unicode.
OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to prevent filtering of the attachment by omitting a certain URI parameter from a generated URL. If the 'did' parameter does not exist, no filtering will be performed. Unfiltered, the script code will execute if embedded in an HTML email opened by a user.
A vulnerability has been reported for the RDS service that may allow an attacker to obtain unauthorized access to data residing on a ColdFusion MX server. It is possible for a remote user to configure their web site properties to access files residing on the vulnerable server. Any information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.
ProductCart is an e-commerce application written in ASP. It is vulnerable to a directory traversal attack which allows an attacker to view the contents of the database file. By requesting the URL http://victimhost/productcart/database/EIPC.mdb, an attacker can view the contents of the database file.
The vulnerability exists due to insufficient sanitization of some user-supplied values. Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.