A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the modules.php script. This may allow for theft of cookie-based authentication credentials and other attacks.
CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function. It has been reported that by harnessing an unsupported feature of the CDRecord utility, an attacker may supply format string specifiers as the 'dev' argument passed to the vulnerable utility. This may ultimately result in the execution of attacker-supplied code in the context of the CDRecord utility. It has been reported that CDRecord is installed setUID root on several distributions.
It has been reported that the ActiveX control used by the Yahoo! Voice Chat feature is prone to an exploitable buffer overflow vulnerability. This issue can be exploited via a malicious web page that calls the vulnerable control with malformed parameters. Although unconfirmed, it has been conjectured that this condition may be exploited to execute arbitrary code.
Happymall E-Commerce is prone to a file disclosure vulnerability due to insufficient sanitization of user-supplied URI parameters. An attacker can view the contents of sensitive system files with the privileges of the Happymall process.
It has been reported that multiple input validation bugs exist in the Web_Links module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitation could result in compromise of the web forums or more severe consequences. An attacker can exploit this vulnerability by sending a specially crafted URL to the vulnerable server, such as: http://www.example.com/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=2%20<our_code>, where <our_code> represents attacker-supplied SQL code.
Happymall E-Commerce is prone to cross-site scripting attacks due to insufficient sanitization of user-supplied URI parameters. An attacker can execute arbitrary script code within the browser of a legitimate user visiting the site by crafting a malicious URL.
It has been reported that Pi3Web server is prone to a denial of service vulnerability. Reportedly, when a malicious GET request is sent to the Pi3Web server the server will fail. It should be noted that the Unix version has been reported vulnerable, it is not currently known if other platforms are affected.
A denial of service vulnerability has been reported for EServ. The vulnerability exists due to the way the server handles connections. Specifically, memory allocated for open connections are not properly freed when a connection no longer exists. This will result in a consumption of all available memory resources. It has been reported that EServ version 3.0 previously thought to be invulnerable to this issue is affected by this vulnerability. This version was tested on Windows 2000.
A denial of service vulnerability has been reported for EServ. The vulnerability exists due to the way the server handles connections. Specifically, memory allocated for open connections are not properly freed when a connection no longer exists. This will result in a consumption of all available memory resources.
Info-ZIP UnZip contains a vulnerability during the handling of pathnames for archived files. Specifically, when certain encoded characters are inserted into '../' directory traversal sequences, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem - including paths containing system binaries and other sensitive or confidential information.
Services By CQR