sdfingerd has been reported to be prone to a local privilege escalation vulnerability. The issue presents itself because the sdfingerd daemon fails to sufficiently drop group privileges before executing commands that are contained in a user's .plan file. An attacker can exploit this vulnerability to gain root privileges.
Tmax Soft JEUS is vulnerable to a cross-site scripting attack. The vulnerability is present in the url.jsp script of the Tmax Soft JEUS server. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link.
Kerio Mailserver is vulnerable to a cross-site scripting attack. The vulnerability is present in the do_map module of the Kerio Mailserver web mail component. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing malicious HTML code.
Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Successful exploitation of this vulnerability could potentially result in the execution of arbitrary code, with the privileges of the Kerio MailServer process.
It has been reported that MidHosting FTP Daemon does not properly implement shared memory when the m flag (-m) is enabled. Because of this, an attacker could corrupt process memory, causing the service to crash. The exploit code creates a shared memory segment of 16384 bytes and fills it with 'A' characters.
It has been reported that WebForums Server does not properly handle some types of requests. Because of this, attackers may be able to gain access to files on the host server with the privileges of the web server process. Directory traversal proof-of-concept examples were provided by R00tCr4ck <root cyberspy org>.
Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization of URI parameters submitted within HTTP requests. It has been discovered that all information disclosure and data corruption issues are in fact not vulnerabilities. The issue lies in the default IMAP configuration, allowing a remote authenticated user to specify their local mailbox file. This behaviour is clearly specified in the IMAP FAQ. All actions carried out by an authenticated user are done with their own local system privileges, effectively having no effect on the system. This information has been confirmed by the vendor. It should also be noted that the vendor has announced that the privilege elevation issue is indeed legitimate.
A denial of service condition exists in GuildFTPD that may allow a remote user to deny service to legitimate GuildFTPD users. The denial of service occurs when the server receives several successive malformed CWD commands from an authenticated client.
A vulnerability has been reported for CesarFTP. Reportedly, an attacker may crash a target server by supplying excessive data as the argument to the 'CWD' command. This may result in the server hanging, effectively denying service to other legitimate FTP users.
A buffer overrun vulnerability has been reported for CesarFTP. The problem is said to occur when multiple 'USER' commands are processed within a single session. When the issue is triggered, it may be possible to overwrite sensitive locations in memory. Although unconfirmed, it may be possible to exploit this issue to execute arbitrary code on a target system.