The cupsd has been reported prone to a denial of service vulnerability. Reportedly the cupsd does not adequately apply a time-out process for malicious HTTP requests and service is denied to subsequent cupsd requests. This issue may be exploited by remote attackers to deny cupsd service to valid users.
It is possible to bypass BadBlue security checks when '.hts' files are requested by a remote user. BadBlue restricts access to non-HTML files by replacing the first two letters in the file extension of a requested resource with 'ht'. If the third character of a file extension is 's', then it is possible to trick BadBlue into serving a non-HTML file with an extension of '.hts'. This will bypass other security checks which would normally prevent BadBlue from serving these files to remote users. This example will reveal the contents of the server's primary volume.
A problem with ttCMS/ttForum could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the Instant-Messages script distributed as part of the software. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by the web forums.
Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. It may be possible for a local attacker to exploit this condition and have malicious arbitrary code executed in the context of the Maelstrom application. Typically setGID games.
ttCMS is vulnerable to a remote file include vulnerability due to insufficient sanitization of user-supplied variables by the 'header.php' script. An attacker can exploit this vulnerability by sending a malicious URL to the target, which includes a malicious PHP file hosted on the attacker's server.
A vulnerability has been reported for Netscape Enterprise Server. The problem is said to occur while processing HTTP queries containing the '?PageServices' URI parameter. After processing this query the affected server may disclose the contents of established web root, possibly including sub-directories.
Snowblind Web Server has been reported prone to a buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP requests of excessive length. Although unconfirmed, this vulnerability may be exploited to execute attacker-supplied code with the privileges of the vulnerable web server.
Snowblind Web Server does not perform correct access validation on client requested paths which include '../' character sequences. An attacker may exploit this vulnerability to view files outside of the web root directory.
OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error in a Helpdesk script. Reportedly a script does not sufficiently check if an instance of OneOrZero Helpdesk has already been installed. An attacker can exploit this issue by sending a specially crafted POST request to the vulnerable script, which will create an administrative account with the credentials specified in the request.
eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script, which may allow for theft of cookie-based authentication credentials and other attacks.
Services By CQR