The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
An attacker can connect to the HostingDirector server and spoof HTTP referrer data to bypass HostingDirector authentication systems. This allows the attacker to make arbitrary modifications to other HostingDirector account configurations.
A vulnerability has been discovered in WebBBS Pro, which may allow a remote attacker to trigger a denial of service condition in the WebBBS HTTP server. It has been reported that a remote attacker may cause the web server to throw an exception by making a malformed HTTP request. This request will cause the web server to throw an exception and terminate.
It has been reported that Simple Web Server fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root.
An attacker may exploit this condition to effectively deny service to legitimate ArGoSoft Mail server users until the service is restarted.
Insufficient bounds checking in the lsmcode utility will allow locally based attackers to cause memory to be corrupted with attacker-supplied data. As a result, it is possible to exploit this condition to execute arbitrary attacker-supplied instructions with elevated privileges.
Aiglon Web Server is vulnerable to an information disclosure attack. A remote attacker can make a malformed HTTP request to the server and cause it to disclose installation path details. This information can be used to aid in further attacks against the host running the affected software.
mnoGoSearch 'search.cgi' has been reported prone to a buffer overflow vulnerability. The issue is a result of a lack of sufficient bounds checking performed on user-supplied URI parameters that are passed to the 'search.cgi' application. It may be possible for an attacker to exploit this vulnerability and have arbitrary code executed in the context of the web-server process.
H-Sphere is prone to multiple cross-site scripting vulnerabilities via the HTML template feature in the Hosting Control Panel. HTML and script code will not be filtered from pages which are generated when a request for an invalid or unknown template is made. This could be exploited if a web user follows a malicious link to a site hosting the vulnerable software that includes hostile HTML or script code. The link may also need to contain the username of a valid, logged in user.
It has been reported that under some circumstances, it is possible violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execute a file across domains and in the local security zone, giving an attacker unintended access to a system.
Services By CQR