It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via e-mail. If successfully exploited, a malicious HTML file may be used to steal an unsuspecting user's iPlanet Messaging cookies. Other attacks may also be possible. The following script code has been provided to demonstrate indirect session hijacking using web redirection:
    function%20steal(){var%20xmlHttp%20=%20new%20ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("GET","<URL_to_spoof>",false);xmlHttp.send();xmlDoc=xmlHttp.responseText;
"xmlDoc" can be redirected, with an "img src" or "window.open", to the attacker's machine.
upclient has been reported prone to a buffer overflow vulnerability when handling command line arguments of excessive length. It is possible for a local attacker to seize control of the vulnerable application and have malicious arbitrary code executed in the context of upclient. An attacker may harness elevated privileges obtained in this way to manipulate arbitrary areas in system memory through /dev/mem or /dev/kmem devices.
A vulnerability exists in the Downloads module of http://www.example.com, which allows a remote attacker to submit a string that causes a denial of service to legitimate users. This is due to insufficient validation of user-supplied input when processing submissions to the rating system.
Batalla Naval is prone to a remotely exploitable buffer overflow when handling requests of excessive length. This could allow for execution of malicious instructions in the context of the game server.
A vulnerability has been discovered in PostNuke Phoenix v0.723 and earlier. Specifically, the Glossary module fails to sufficiently sanitize user-supplied input, making it prone to SQL injection attacks. Exploitation may allow for modification of SQL queries, resulting in information disclosure or database corruption.
When WebWeaver receives unusually long POST or HEAD requests, a denial of service condition may result. Restarting WebWeaver will allow normal operation to resume.
A vulnerability has been reported that could enable a P-News member to create and access an administrative account due to insufficient validation of data supplied to account editing input fields of P-News.
Vignette software has been reported prone to multiple cross-site scripting vulnerabilities. Reportedly, the issue arises because the Vignette software does not sufficiently sanitize HTML characters from user-supplied data. It may be possible for an attacker to supply and execute HTML and script code on a web client in the context of the site hosting the Vignette software. This may allow for theft of cookie-based authentication credentials and other attacks.
ifenslave for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. It is possible for a local attacker to seize control of the vulnerable application and have malicious arbitrary code executed in the context of ifenslave. ifenslave is not installed setUID or setGID by default. It should be noted that although this vulnerability has been reported to affect ifenslave version 0.07, previous versions might also be affected.
A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be possible for a remote attacker to execute arbitrary PHP commands within the context of the web server. The execution of these commands would only occur when an administrator chooses to view the log of forum activity via the 'admin_iplog.php' script. An example of the exploit is given as:
    $ telnet www.target.org 80
    Connected to www.target.org at 80
    GET /board/index.php HTTP/1.0
    User-Agent: <? phpinfo(); ?>