The linux-atm 'les' executable has been reported prone to a buffer overflow vulnerability. This issue is due to a lack of sufficient bounds checking performed on data supplied via specific command line arguments to the 'les' executable. Excessive data may overrun the bounds of an internal memory buffer and corrupt adjacent memory. As a direct result of this issue arbitrary code execution is possible.
A HTML injection vulnerability has been discovered in Xoops. The problem occurs due to insufficient filtering of HTML and script code by the MyTextSanitizer script. Successful exploitation of this vulnerability may allow a malicious Xoops user to execute arbitrary HTML or script code within the browser of a legitimate user.
Libopt library has been reported prone to a buffer overflow vulnerability. It has been reported that several Libopt.a error logging functions, may be prone to buffer overflow vulnerabilities when handling excessive data. The data may be supplied as an argument to a program linked to the vulnerable library. This condition arises from a lack of sufficient bounds checking performed on the user-supplied data, before it is copied into a memory buffer. As a result the bounds of an internal stack-based memory buffer may be overflowed and adjacent memory corrupted with attacker supplied data. It should be noted that no SUID applications linked to this library are currently known. Although unconfirmed this vulnerability may be exploited to execute arbitrary attacker supplied code.
It has been reported that a vulnerability exists in Opera 7.10 that may result in a denial of service. The problem reportedly occurs when processing a 'news:' URL of excessive length. It has been reported that this issue will trigger a condition that will prevent Opera from functioning until the program has been reinstalled.
A denial of service vulnerability has been discovered in VisNetic ActiveDefense. The problem occurs when multiple HTTP requests are subsequently made to a server, containing a specific amount of data. After processing these requests, the affected system will crash. The system must be restarted to restore regularly functionality. Transmit 90 packets to the target server, each containing the following data: GET /xxx...[100]..xxx.htm HTTP/1.0, where [100] is a string of 100 characters.
Truegalerie is vulnerable to an unauthorized administrative access vulnerability due to insufficient sanitization of some URI values. By sending a specially crafted HTTP request, an attacker can gain administrative access to the application.
It has been reported that Nokia IPSO does not properly handle some types of requests through Voyager. Because of this, an attacker with access to the interface may be able to view potentially sensitive information.
When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This may result in the hash being leaked to eavesdroppers or malicious clients. An offline brute-force attack on this hash may then be performed to obtain the clear-text secret.
It has been reported that the SAP Database install tool SDBINST may perform operations non-atomically when installing the SAP database. This condition may open a window of opportunity for a malicious user to replace one of two SAP Database files with a malicious file, before SBDINST sets the setuid bit on the files. An attacker may exploit this vulnerability to gain root privileges.
A vulnerability has been discovered in Microsoft Internet Explorer. Due to insufficient bounds checking performed by URLMON.DLL it may be possible for a malicious web server to trigger a buffer overflow. This could result in the execution of arbitrary code within the context of the client user. A malicious web server can send a specially crafted HTTP response with a long Content-type and Content-encoding header to trigger the buffer overflow.
Services By CQR