Tutos is vulnerable to a Remote Code Execution vulnerability due to improper input handling in the file_select script. An attacker can exploit this vulnerability by sending malicious code in the 'msg' parameter of the file_select script. This code will be executed in the browser of the user with the privileges of the vulnerable site.
MyServer HTTP server is prone to a remote denial of service attack due to a lack of sufficient bounds checking, performed on arguments that are supplied via malicious HTTP GET requests. A malicious HTTP GET request containing excessive data can trigger a segmentation fault in the server executable and the software will fail.
It has been reported that the RuFSI Utility Class is vulnerable to a boundary condition error when invoked with long strings. This could potentially lead to the execution of code with the privileges of the user executing the web browser.
A heap overflow vulnerability has been reported for the pr-edit utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option. Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.
A potential information disclosure vulnerability has been reported for the Linux /proc filesystem, specifically when invoking setuid applications. As a result, an unprivileged user may be able to read the contents of a setuid application's environment data. This could potentially, although unlikely, result in the disclosure of sensitive information, such as restricted file path information.
A vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameters. A malicious attacker can specify arbitrary absolute paths as the value of the URI parameter. This will result in the requested file being disclosed to the attacker.
A buffer overflow vulnerability has been reported for Abuse-SDL that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient bounds checking performed on certain command-line options.
pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied code passed as the keywords URI parameter may execute within the context of the site hosting the vulnerable software when the malicious link is visited.
When a request is made for a target PHP script, possibly requiring a blank URI parameter, pMachine is said to throw an exception. When this occurs, the resulting error page discloses the installation directory of the respective PHP script.
Web Filter is vulnerable to a directory traversal attack due to insufficient sanitization of '.../' sequences. This allows an attacker to access sensitive files on the server. For example, the above URL can be used to execute the 'dir' command on the Windows system.
Services By CQR