Explore Vulnerabilities

Explore all Exploits:

Remote File Include Vulnerability in Cafelog

A remote file include vulnerability has been reported for Cafelog. Due to insufficient sanitization of some user-supplied variables by the 'blogger-2-b2.php' and 'gm-2-b2.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL. If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the web server.

Microsoft Internet Information Services Denial of Service Vulnerability

When WebDAV receives excessively long requests to the 'PROPFIND' or 'SEARCH' variables, the IIS service will fail. All current web, FTP, and email sessions will be terminated. It has been reported that if a WebDAV request with a certain number of bytes is received, the Inetinfo service will remain alive but cease serving requests. This will cause the IIS server to stop serving requests until the service is manually restarted.

BaSoMail SMTP Server Buffer Overflow Vulnerability

BaSoMail SMTP Server has been reported prone to a buffer overflow vulnerability. The issue is likely due to a lack of sufficient bounds checking performed on arguments passed to SMTP commands. It may be possible to exploit this issue to execute arbitrary attacker-supplied code by sending a buffer size of 2100 bytes to the SMTP server via the HELO, MAIL FROM, or RCPT TO commands.

BaSoMail POP3 Server Remote Denial of Service Vulnerability

BaSoMail POP3 server has been reported prone to a remote denial of service vulnerability. It has been reported that a remote authenticated attacker may supply negative integer values to several POP3 commands in succession. If the attacker then invokes the QUIT command, the BaSoMail server will reportedly fail, possibly due to an internal exception.

Tornado www-Server Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported for Tornado www-Server. The vulnerability exists when Tornado processes overly long HTTP requests. This will result in the server crashing. Although unconfirmed, it may be possible to exploit this vulnerability to execute malicious attacker-supplied code.

Sun ONE Application Server Cross-Site Scripting Vulnerability

Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to a JSP application hosted on the vulnerable server. Under some circumstances, if this link is followed, the code will be executed in the browser of the web user who visits the link.

Sun ONE Application Server Source Code Disclosure Vulnerability

Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to the handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead serve it as a normal web resource.

Recent Exploits: