ProductCart is vulnerable to an SQL injection attack that can be used to bypass the authentication system and access the ProductCart administration panel. This is achieved by appending an SQL statement to the 'idadmin' parameter in the URL.
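The mechanism behind this bug, shown as an added C illustration rather than ProductCart's own ASP code (the table and column names are assumed): idadmin is a numeric parameter, so the query is built with no quotes around the value, and anything appended to it becomes part of the WHERE clause. A login check of the form "does a row come back for this idadmin" then passes for an attacker who never knew a valid id. The hardened version refuses any value that is not a canonical decimal integer; in a real application the value should additionally be bound as a query parameter rather than formatted into SQL text.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>

/* Vulnerable pattern: the request parameter is spliced straight into the
   SQL text.  Because idadmin is numeric it is not even quoted, so the value
   "1 OR 1=1" turns the WHERE clause into a tautology and the first admin row
   is returned regardless of what the attacker supplied. */
int build_admin_query_unsafe(char *out, size_t outsz, const char *idadmin) {
    int n = snprintf(out, outsz,
                     "SELECT idadmin, adminname FROM admins WHERE idadmin=%s",
                     idadmin);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Hardened: accept only digits, parse once, and reject anything left over.
   Returns 0 and stores the value on success, -1 on any deviation. */
int parse_admin_id(const char *s, unsigned long *id) {
    if (s == NULL || *s == '\0') return -1;
    for (const char *p = s; *p; p++)
        if (!isdigit((unsigned char)*p)) return -1;  /* no spaces, signs, SQL */
    errno = 0;
    char *end;
    unsigned long v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0') return -1;
    *id = v;
    return 0;
}

int build_admin_query_safe(char *out, size_t outsz, const char *idadmin) {
    unsigned long id;
    if (parse_admin_id(idadmin, &id) != 0) return -1;
    int n = snprintf(out, outsz,
                     "SELECT idadmin, adminname FROM admins WHERE idadmin=%lu",
                     id);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void) {
    char q[256];
    const char *injected = "1 OR 1=1";   /* constructed attacker-supplied value */
    build_admin_query_unsafe(q, sizeof q, injected);
    printf("unsafe: %s\n", q);
    if (build_admin_query_safe(q, sizeof q, injected) == 0)
        printf("safe:   %s\n", q);
    else
        printf("safe:   rejected '%s'\n", injected);
    return 0;
}
```

Running it prints the unsafe query with `WHERE idadmin=1 OR 1=1` and shows the safe builder rejecting the same value.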
isdnrep has been reported prone to a local command-line argument buffer overflow vulnerability. The issue arises from insufficient bounds checking on user-supplied data that is copied from the command line into a fixed-size internal buffer. A local attacker can influence the execution flow of isdnrep and have arbitrary code executed in the context of the vulnerable application. Exploitation could permit privilege escalation on systems where the application is installed setuid/setgid.
A local buffer overflow has been reported for GNU an that may allow an attacker to obtain elevated privileges. The vulnerability exists due to insufficient boundary checks on some command-line options. Successful exploitation may result in the execution of attacker-supplied code. Privilege escalation is only possible on systems where the utility is installed setuid/setgid.
A local buffer overflow has been reported for GNU Chess that may allow an attacker to obtain elevated privileges. The vulnerability exists due to insufficient boundary checks on some command-line options. Successful exploitation may result in the execution of attacker-supplied code. To be exploited for elevated privileges, the software must be installed setuid or setgid.
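The three reports above (isdnrep, GNU an, GNU Chess) share one defect: a fixed-size stack buffer filled from argv with no length check. The following is an added example, not code from any of those programs, showing the representative vulnerable copy next to a bounded one. The bounded version refuses oversized arguments rather than truncating them, because a silently truncated option can still be misparsed downstream. The 64-byte buffer size is an assumption for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OPTBUF 64   /* assumed size of the program's internal option buffer */

/* Vulnerable pattern: strcpy() trusts the caller to have sized the buffer.
   An argument of OPTBUF bytes or more runs past buf into the saved frame,
   which is what lets a local user redirect execution inside a setuid binary. */
void store_option_unsafe(const char *arg) {
    char buf[OPTBUF];
    strcpy(buf, arg);
    printf("option: %s\n", buf);
}

/* Hardened copy: measure first, refuse if the argument plus its terminating
   NUL does not fit.  Returns 0 on success, -1 when rejected; dst is untouched
   on rejection. */
int copy_arg(char *dst, size_t dstsz, const char *arg) {
    size_t len = strlen(arg);
    if (len >= dstsz) return -1;
    memcpy(dst, arg, len + 1);
    return 0;
}

int store_option_safe(const char *arg) {
    char buf[OPTBUF];
    if (copy_arg(buf, sizeof buf, arg) != 0) {
        fprintf(stderr, "option too long (max %d bytes)\n", OPTBUF - 1);
        return -1;
    }
    printf("option: %s\n", buf);
    return 0;
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <option> [--unsafe]\n", argv[0]);
        return 2;
    }
    if (argc > 2 && strcmp(argv[2], "--unsafe") == 0) {
        store_option_unsafe(argv[1]);   /* crashes, or worse, with a long argument */
        return 0;
    }
    return store_option_safe(argv[1]) == 0 ? 0 : 1;
}
```

Try it with `./a.out "$(printf 'A%.0s' $(seq 200))" --unsafe` to see the overflow and without `--unsafe` to see the rejection. Setuid utilities should additionally drop privileges before processing any user-controlled input they do not strictly need privileges for.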
It has been reported that a malicious HTTP request can trigger an exception in the affected server, effectively denying service to legitimate users. While this vulnerability has been reported to affect the web interface of Axis Print Server 560 and 5600 running firmware versions 6.10, 6.15 and 6.20, other versions might also be affected.
OpenBSD PF is prone to an information leakage vulnerability when configured to redirect incoming traffic from standard ports to high ports. This occurs because PF responds differently to packets destined for active private addresses than to those destined for inactive ones. This could be exploited to enumerate network resources for other network segments in preparation for further attacks.
It has been reported that the K2 Toolkit does not sufficiently sanitize user-supplied input. As a result, an attacker may be able to craft a malicious link that, when loaded by a victim, results in the execution of hostile HTML or script code in the victim's browser.
MyBace Light is vulnerable to a Remote File Inclusion vulnerability due to the lack of proper sanitization of the $hauptverzeichniss and $template_back variables in the includes/login_check.php and admin/login/content/user_daten.php files respectively. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
It has been reported that Verity K2 Toolkit does not sufficiently filter user-supplied search parameters. As a result of this reported deficiency, it may be possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user, if the link is followed. This may allow for theft of cookie-based authentication credentials and other attacks.
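Both K2 Toolkit reports above describe the same reflected cross-site scripting: a search parameter echoed into the results page without output encoding. Below is an added C example, not Verity's code, of the minimal HTML escaping that defuses it, applied to a constructed results page. The five characters escaped are the ones that can break out of text or a double-quoted attribute.

```c
#include <stdio.h>
#include <string.h>

/* Escape s into out (outsz bytes) for inclusion in HTML text or a
   double-quoted attribute.  Returns the escaped length, or -1 if out is too
   small (out is then an empty string rather than a partial result). */
int html_escape(const char *s, char *out, size_t outsz) {
    if (outsz == 0) return -1;
    size_t o = 0;
    for (; *s; s++) {
        char one[2] = { *s, '\0' };
        const char *rep;
        switch (*s) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        if (o + rl >= outsz) { out[0] = '\0'; return -1; }
        memcpy(out + o, rep, rl);
        o += rl;
    }
    out[o] = '\0';
    return (int)o;
}

/* Vulnerable: the search term lands in the page verbatim. */
int render_results_unsafe(const char *q, char *page, size_t pagesz) {
    return snprintf(page, pagesz, "<p>Results for: %s</p>", q);
}

/* Hardened: encode before interpolating; refuse rather than truncate. */
int render_results_safe(const char *q, char *page, size_t pagesz) {
    char esc[512];
    if (html_escape(q, esc, sizeof esc) < 0) return -1;
    return snprintf(page, pagesz, "<p>Results for: %s</p>", esc);
}

int main(void) {
    /* constructed attacker-controlled search parameter */
    const char *q = "<img src=x onerror=alert(document.cookie)>";
    char page[512];
    render_results_unsafe(q, page, sizeof page);
    printf("unsafe: %s\n", page);
    render_results_safe(q, page, sizeof page);
    printf("safe:   %s\n", page);
    return 0;
}
```

Escaping at output time is the fix; "filtering" the parameter on input, as the reports put it, tends to miss encodings the filter did not anticipate.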
It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow any user to overwrite any file. This creates many opportunities for local attackers to obtain root privileges. A snippet from an strace of the cuxs binary shows: execve("../bin/cache", ["cache"], [/* 19 vars */]). Because cuxs is setuid, executing a relative path is dangerous: the path is resolved against the current working directory, which the invoking user controls. A proof of concept exploit is provided which creates a directory called crapche/bin and copies the ash shell into it, then executes it using the cuxs binary.
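The two conditions the cuxs report combines, a relative exec path and world-writable install directories, are exactly what a setuid launcher must check before calling execve. The following is an added C example, not InterSystems code, of such a check together with a self-contained demonstration in a temporary directory. The `trusted_owner` argument would be 0 (root) in production; the demo passes the current uid so it can run unprivileged. It checks only the immediate parent directory; a complete implementation walks every component of the path.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

/* Return 1 if a privileged launcher may exec `path`, 0 otherwise.  Rejects:
   relative paths (resolved against the caller's cwd, which is how the
   crapche/bin trick works), symlinks and non-regular files, wrong owner, and
   binaries or parent directories writable by group or others. */
int exec_target_ok(const char *path, uid_t trusted_owner) {
    struct stat st;
    if (path == NULL || path[0] != '/') return 0;
    if (lstat(path, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode)) return 0;            /* symlinks fail this too */
    if (st.st_uid != trusted_owner) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;

    /* Same rules for the directory holding the binary (immediate parent only). */
    char dir[4096];
    const char *slash = strrchr(path, '/');
    size_t n = (size_t)(slash - path);
    if (n == 0) n = 1;                              /* file directly under "/" */
    if (n >= sizeof dir) return 0;
    memcpy(dir, path, n);
    dir[n] = '\0';
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != trusted_owner) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* Demonstration on a constructed layout under $TMPDIR (or /tmp).  Returns 0
   when every expectation holds, otherwise the number of the failed step. */
int demo(void) {
    const char *tmp = getenv("TMPDIR");
    char dirtmpl[512], bin[600];
    snprintf(dirtmpl, sizeof dirtmpl, "%s/cuxs-demo-XXXXXX", tmp ? tmp : "/tmp");
    if (mkdtemp(dirtmpl) == NULL) return 1;
    snprintf(bin, sizeof bin, "%s/cache", dirtmpl);
    int fd = open(bin, O_WRONLY | O_CREAT | O_TRUNC, 0755);
    if (fd < 0) { rmdir(dirtmpl); return 2; }
    close(fd);
    uid_t me = getuid();
    int rc = 0;
    /* step 3/4: owner-only writable directory and binary: acceptable */
    if (chmod(dirtmpl, 0755) != 0 || chmod(bin, 0755) != 0) rc = 3;
    else if (!exec_target_ok(bin, me)) rc = 4;
    /* step 5/6: world-writable directory (the reported Cache default) */
    else if (chmod(dirtmpl, 0777) != 0) rc = 5;
    else if (exec_target_ok(bin, me)) rc = 6;
    /* step 7: relative path such as "../bin/cache" is never acceptable */
    else if (exec_target_ok("../bin/cache", me)) rc = 7;
    /* step 8/9: world-writable binary in a sane directory */
    else if (chmod(dirtmpl, 0755) != 0 || chmod(bin, 0777) != 0) rc = 8;
    else if (exec_target_ok(bin, me)) rc = 9;
    unlink(bin);
    rmdir(dirtmpl);
    return rc;
}

int main(void) {
    int rc = demo();
    if (rc == 0) printf("all exec-target checks behaved as expected\n");
    else printf("check %d failed\n", rc);
    return rc;
}
```

Even with these checks, a launcher that must run as root should exec a compile-time absolute path and not derive it from its own argv[0] or cwd.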