A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface. This vulnerability may be the result of inadequate sanitization of user-supplied values for some parameters. A remote attacker may exploit this vulnerability by creating a malicious URL that includes specially crafted SQL queries to execute commands or compromise the database.
BizTalk Server is vulnerable to SQL injection attacks due to inadequate sanitization of user-supplied values for some parameters. A remote attacker can exploit this vulnerability by creating a malicious URL that includes specially crafted SQL queries to execute commands or compromise the database.
Microsoft BizTalk Server 2002 contains a boundary condition error that could allow a buffer to be overrun. Successful exploitation could allow arbitrary code execution in the security context of the IIS Server hosting the application.
It has been reported that 3D-FTP client may be prone to a buffer overflow condition. This issue is due to the client not implementing sufficient bounds checking on banner data copied into local memory buffers. It may be possible for remote attackers to corrupt sensitive regions of memory with attacker-supplied values, possibly resulting in execution of arbitrary code.
A vulnerability has been reported for Opera versions 7.10 and earlier. The problem is said to occur due to insufficient bounds checking on filename extensions. As a result, it may be possible for an attacker to corrupt heap-based memory. Successful exploitation of this vulnerability may result in a denial of service, possibly prolonged. If a malicious filename entry were placed in a cache file, Opera may continuously crash until the cache file has been deleted.
A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context. Exploitation of this vulnerability may lead to disclosure of local file contents. Additional exploit examples can be found in the attached Bugtraq reference.
A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used.
A problem with Onecenter ForumOne could allow remote users to execute arbitrary code in the context of the web site hosting ForumOne. The problem occurs due to the lack of sanitization performed on data embedded within HTML tags. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website implementing the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.
Remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.
Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system. NOTE: The user must have administrative privileges in WebAdmin to access these files.
Services By CQR