It has been reported that Dune is vulnerable to a remote boundary condition error when handling long requests. This could allow a remote attacker to execute arbitrary code on a vulnerable system. The exploit relies on the "multiuser" feature of Dune (requests for "/~user" paths). The request sent looks like:

GET /~[48 bytes/overflow] [shellcode]\n\n

The shellcode is placed where "HTTP/?.?" would normally go; Dune does not seem to care. If it is placed elsewhere, a lot of characters get truncated or passed to different functions. One complication: because of these checks,

main.c:185: if(buffer[0]==EOF) exit(0);
main.c:203: if(buffer[0]==EOF) exit(0);

no 0xff bytes can be sent to the server for this to work (a 0xff byte stored in a signed char is -1, which compares equal to EOF). The exploit has been made to work around this problem.
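The following is an added example and is not Dune's code or the exploit referred to above. It reproduces the EOF check quoted from main.c to show why 0xff is a bad byte for this exploit, and lays the request out exactly as described (GET /~, 48 overflow bytes, a space, the payload, then "\n\n"). The 48-byte length is taken from the entry; the payload bytes are constructed filler, not shellcode.

```c
/* Added example, not Dune's code: the EOF check from main.c and the request
 * layout described in the advisory.  The payload in main() is constructed
 * filler (NOPs and int3), not real shellcode. */
#include <assert.h>
#include <stdio.h>
#include <string.h>

#define OVERFLOW_LEN 48   /* from the advisory: 48 bytes before the overflow */

/* Mirrors main.c:185/203.  Dune compares the first byte of its request
 * buffer against EOF (-1).  On x86 plain char is signed, so a 0xff byte
 * stored there is -1 and the server exits.  signed char is used explicitly
 * here to reproduce that behaviour regardless of the compiler's default.
 * Returns 1 if Dune would exit(0) on this byte. */
int dune_eof_check_fires(unsigned char first_byte)
{
    signed char buffer[1];
    buffer[0] = (signed char)first_byte;    /* 0xff wraps to -1 */
    return buffer[0] == EOF;                /* promoted to int: -1 == -1 */
}

/* Count payload bytes that would trip that check.  The advisory states no
 * 0xff may be sent at all, since any byte of the request can end up as
 * buffer[0] of a read. */
size_t count_bad_bytes(const unsigned char *p, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (dune_eof_check_fires(p[i]))
            bad++;
    return bad;
}

/* Assemble "GET /~" + OVERFLOW_LEN filler bytes + " " + payload + "\n\n".
 * Returns the request length, or 0 if out is too small or the payload
 * contains a byte the server would reject. */
size_t build_dune_request(unsigned char *out, size_t out_len,
                          const unsigned char *payload, size_t payload_len)
{
    static const char prefix[] = "GET /~";
    size_t prefix_len = sizeof prefix - 1;
    size_t need = prefix_len + OVERFLOW_LEN + 1 + payload_len + 2;

    if (out_len < need || count_bad_bytes(payload, payload_len) != 0)
        return 0;

    unsigned char *p = out;
    memcpy(p, prefix, prefix_len);       p += prefix_len;
    memset(p, 'A', OVERFLOW_LEN);        p += OVERFLOW_LEN;   /* overflow filler */
    *p++ = ' ';
    memcpy(p, payload, payload_len);     p += payload_len;    /* where "HTTP/?.?" would go */
    *p++ = '\n';
    *p++ = '\n';
    return (size_t)(p - out);
}

int main(void)
{
    /* Constructed placeholder payload, deliberately free of 0xff bytes. */
    const unsigned char payload[] = { 0x90, 0x90, 0x90, 0xcc };
    unsigned char req[128];
    size_t len = build_dune_request(req, sizeof req, payload, sizeof payload);

    printf("request length: %zu bytes\n", len);
    printf("0xff is rejected by the EOF check: %d\n", dune_eof_check_fires(0xff));
    return len == 0;
}
```

The same signed-char-versus-EOF comparison is a bug pattern in its own right: any server that reads input into a plain char and compares it with EOF will treat a 0xff byte as end of input.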
MyServer HTTP server is prone to a file disclosure vulnerability. Encoded directory traversal sequences may be used to break out of the web root directory, allowing attackers to gain access to files that are readable by the web server.
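As an added example (not MyServer's code), here is a web-root confinement check of the kind that defeats the encoded traversal sequences described above. It percent-decodes the request path repeatedly, so that %2e%2e%2f and the double-encoded %252e%252e%252f both become "../", then normalises the path segment by segment and refuses anything that climbs above the root. The web root, the sample paths, and the treatment of backslash as a separator are assumptions made for this example.

```c
/* Added example, not MyServer's code: decode a request path and refuse any
 * result that escapes the web root.  Sample paths are constructed. */
#include <assert.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* One in-place pass of %XX decoding.  Returns the number of escapes decoded,
 * or -1 if an escape decodes to NUL (%00), which would silently truncate the
 * path and must be rejected. */
static int percent_decode_once(char *s)
{
    int n = 0;
    char *r = s, *w = s;
    while (*r) {
        if (*r == '%' && hexval(r[1]) >= 0 && hexval(r[2]) >= 0) {
            int v = hexval(r[1]) * 16 + hexval(r[2]);
            if (v == 0) return -1;
            *w++ = (char)v;
            r += 3;
            n++;
        } else {
            *w++ = *r++;
        }
    }
    *w = '\0';
    return n;
}

/* Resolve a request path under root into out.  Returns 1 if the resolved
 * path stays inside root, 0 if it would escape or is malformed.  The caller
 * must open exactly the string written to out, without decoding it again. */
int resolve_under_root(const char *root, const char *path,
                       char *out, size_t out_len)
{
    char buf[1024];
    const char *segs[64];
    int depth = 0;

    if (strlen(path) >= sizeof buf) return 0;
    strcpy(buf, path);

    /* Decode until stable, bounded so nested encodings cannot loop forever. */
    for (int pass = 0; pass < 4; pass++) {
        int n = percent_decode_once(buf);
        if (n < 0) return 0;
        if (n == 0) break;
    }

    /* Both '/' and '\\' are treated as separators (assumption: on Windows
     * hosts a backslash also walks the directory tree). */
    for (char *tok = strtok(buf, "/\\"); tok; tok = strtok(NULL, "/\\")) {
        if (strcmp(tok, ".") == 0) continue;
        if (strcmp(tok, "..") == 0) {
            if (depth == 0) return 0;        /* would climb above the web root */
            depth--;
            continue;
        }
        if (depth == (int)(sizeof segs / sizeof segs[0])) return 0;
        segs[depth++] = tok;
    }

    int n = snprintf(out, out_len, "%s", root);
    if (n < 0 || (size_t)n >= out_len) return 0;
    size_t pos = (size_t)n;
    for (int i = 0; i < depth; i++) {
        int m = snprintf(out + pos, out_len - pos, "/%s", segs[i]);
        if (m < 0 || (size_t)m >= out_len - pos) return 0;
        pos += (size_t)m;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample requests against a constructed root. */
    const char *samples[] = {
        "/index.html",
        "/docs/../index.html",
        "/%2e%2e/%2e%2e/etc/passwd",           /* encoded traversal */
        "/%252e%252e/%252e%252e/etc/passwd",   /* double-encoded traversal */
        "/a%00.html",                          /* NUL truncation attempt */
    };
    char out[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = resolve_under_root("/var/www", samples[i], out, sizeof out);
        printf("%-36s -> %s\n", samples[i], ok ? out : "REJECTED");
    }
    return 0;
}
```

The order matters: decode first, then normalise, then open the normalised string. A check that looks for ".." before decoding is exactly what an encoded sequence walks past.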
An issue has been reported in Microsoft Internet Explorer that may result in HTML injection attacks. The vulnerability exists when IE displays its own custom HTTP error pages, also known as 'Friendly HTTP error messages'. Because the URL is not properly sanitized when it is extracted and inserted into these error pages, it is possible to cause IE to output malicious HTML code. Exploitation may allow theft of cookie-based authentication credentials or other attacks.
A vulnerability has been reported in Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse a requested XML file, it displays a parse error that includes the URL of the requested file. In some cases malicious HTML code in that URL is not properly sanitized, resulting in the execution of script code. Exploitation may allow theft of cookie-based authentication credentials or other attacks.
Microsoft Windows 2000 has been reported prone to a denial of service vulnerability when handling malformed LDAP requests. An unauthenticated attacker could exploit this vulnerability by transmitting a malformed LDAP version 3 request to a target Microsoft Windows 2000 server. When the request is processed, an exception is triggered, causing the target server to crash.
A vulnerability has been discovered in the Linux-PAM pam_wheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow wheel group members to use the 'su' utility without supplying credentials (the 'trust' option) and is not configured to verify the user's UID (the 'use_uid' option), it may be possible for a local attacker to elevate privileges. This can be accomplished by spoofing the user's login name, as returned by the getlogin() function, to that of a logged-in member of the wheel group. Successful exploitation of this condition could ultimately result in an attacker gaining local root access on the target system.
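The following is an added example, not Linux-PAM's code: a model of the pam_wheel decision described above, contrasting the spoofable identity (the login name that getlogin() reports) with the kernel-enforced one (the real UID). The account and group tables are constructed stand-ins for /etc/passwd and /etc/group; the configuration lines quoted in the comments use pam_wheel's real 'trust' and 'use_uid' options, but which users are in wheel is an assumption for this example.

```c
/* Added example, not Linux-PAM's code: the pam_wheel trust decision with and
 * without use_uid.  Account data is constructed; current_user_is_trusted()
 * uses the real libc calls but still checks against the constructed table. */
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/types.h>

/* Constructed account database.  mallory is NOT in wheel. */
struct account { const char *name; uid_t uid; };
static const struct account accounts[] = {
    { "root", 0 }, { "alice", 1000 }, { "mallory", 1001 },
};
static const char *wheel_members[] = { "root", "alice" };

static const char *name_for_uid(uid_t uid)
{
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (accounts[i].uid == uid) return accounts[i].name;
    return NULL;
}

static int in_wheel(const char *name)
{
    for (size_t i = 0; i < sizeof wheel_members / sizeof wheel_members[0]; i++)
        if (strcmp(wheel_members[i], name) == 0) return 1;
    return 0;
}

/* Should 'su' be trusted without a password?
 *   login_name : what getlogin() reports.  It comes from login accounting
 *                records, not from the kernel, which is why the advisory
 *                says it can be spoofed.
 *   uid        : the real uid from getuid(), kernel-enforced.
 *   use_uid    : 1 models "auth sufficient pam_wheel.so trust use_uid",
 *                0 models "auth sufficient pam_wheel.so trust" (vulnerable). */
int wheel_trust_allows(const char *login_name, uid_t uid, int use_uid)
{
    const char *who = use_uid ? name_for_uid(uid) : login_name;
    if (who == NULL) return 0;             /* unknown identity: deny */
    return in_wheel(who);
}

/* The same decision for the calling process, using the real libc calls.
 * A NULL from getlogin() (no utmp entry for this process) is treated as deny. */
int current_user_is_trusted(int use_uid)
{
    if (use_uid) {
        struct passwd *pw = getpwuid(getuid());
        return pw ? in_wheel(pw->pw_name) : 0;
    }
    const char *login = getlogin();
    return login ? in_wheel(login) : 0;
}

int main(void)
{
    /* mallory (uid 1001) has arranged for getlogin() to return "alice". */
    printf("trust only:         %s\n", wheel_trust_allows("alice", 1001, 0) ? "ALLOWED" : "denied");
    printf("trust use_uid:      %s\n", wheel_trust_allows("alice", 1001, 1) ? "ALLOWED" : "denied");
    printf("alice with use_uid: %s\n", wheel_trust_allows("alice", 1000, 1) ? "ALLOWED" : "denied");
    return 0;
}
```

The general lesson is the one pam_wheel's use_uid option encodes: authorization decisions should key off an identity the kernel enforces, never a name recovered from accounting records that an unprivileged process can influence.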
Mailtraq is prone to a format string vulnerability when handling SMTP protocol fields. It can be exploited by sending specially crafted strings containing format specifiers to the vulnerable server, which can cause the server to become unstable and crash, resulting in a denial of service.
It has been reported that Mailtraq does not securely store passwords. Because of this, an attacker who obtains the stored password data may be able to recover clear-text passwords.
Snitz Forums is prone to cross-site scripting attacks due to insufficient sanitization of data passed to the search facility via URI parameters. Exploitation may allow theft of cookie-based authentication credentials or other attacks.
LedNews is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient input validation. An attacker can inject malicious JavaScript code into a news post, which will be executed when a user views the post. This can be used to steal authentication cookies, redirect users to malicious websites, or perform other malicious activities.
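The Internet Explorer error-page entries, the Snitz Forums search entry, and the LedNews post entry above all describe the same missing step: untrusted text (a URL, a search term, a news post) reflected into a page without being HTML-escaped at the point of insertion. As an added example (not code from Internet Explorer, Snitz Forums or LedNews), here is that step. render_error_page() is a constructed stand-in for a page that echoes a URL; its markup and the sample URL are assumptions for this example.

```c
/* Added example, not code from any of the products above: HTML-escape
 * untrusted text before reflecting it into a page.  The error-page markup
 * and the sample URL are constructed. */
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Escape the five characters that can change HTML context.  Returns the
 * length written, or -1 if out is too small (never writes a truncated
 * entity, which could itself re-open an injection). */
int html_escape(const char *in, char *out, size_t out_len)
{
    size_t pos = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        const char *rep;
        char one[2] = { (char)*p, '\0' };
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        if (pos + rl >= out_len) return -1;   /* leave room for the NUL */
        memcpy(out + pos, rep, rl);
        pos += rl;
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Reflect a requested URL into an error page, escaped.  Returns 1 on
 * success, 0 if a buffer was too small. */
int render_error_page(const char *url, char *out, size_t out_len)
{
    char safe[512];
    if (html_escape(url, safe, sizeof safe) < 0) return 0;
    int n = snprintf(out, out_len,
                     "<html><body><p>The page %s could not be opened.</p></body></html>",
                     safe);
    return n >= 0 && (size_t)n < out_len;
}

int main(void)
{
    char page[1024];
    /* Constructed sample: a URL carrying a script tag, as in a reflected XSS. */
    if (render_error_page("http://example.test/x.xml?<script>alert(document.cookie)</script>",
                          page, sizeof page))
        puts(page);
    return 0;
}
```

Escaping is context-specific: this function is correct for text and for double-quoted attribute values, and the same untrusted string placed inside a script block or a URL attribute needs the encoding for that context instead.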