The mod_ntlm Apache module has been reported prone to a heap overflow vulnerability. The vulnerability occurs due to a lack of sufficient bounds checking performed on user-supplied data stored in heap memory. By supplying excessive data, an attacker may trigger a buffer overflow and corrupt crucial memory management structures. This may result in the execution of arbitrary code in the context of the Apache server.
A denial of service vulnerability has been reported for Xinetd. The vulnerability exists due to memory leaks occurring when connections are rejected. Numerous, repeated connections to a vulnerable Xinetd server will result in the consumption of all available memory resources, thereby causing a denial of service condition.
Web Wiz Forum has been reported prone to a sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Forum application. Sensitive information that is contained in the database and stored in plaintext format may be revealed to the attacker. Information collected in this way may be used to aid in further attacks against the system.
EZ Server is vulnerable to a directory traversal attack, which allows an attacker to access sensitive information from the server by sending a specially crafted HTTP request containing directory traversal sequences. For example, an attacker can send a request to the server such as http://[target]/../../winnt/win.ini to access the win.ini file from the Windows directory.
The mod_access_referer Apache module is vulnerable to a NULL pointer dereference when parsing invalid HTTP referer header fields. If an attacker sends a request with a referer header field that is missing the 'http' protocol, the module will attempt to parse the string as a valid URL, resulting in a NULL pointer dereference. This can cause Apache to segfault, resulting in a denial of service.
It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness in error handling to disclose valid usernames.
It has been reported that TW-WebServer is prone to a denial of service vulnerability. Reportedly, when an excessive quantity of data is sent to TW-WebServer as part of a malicious HTTP GET request, the server will fail. Although unconfirmed, due to the nature of this vulnerability, an attacker may have the ability to supply and execute arbitrary code.
Xonic.ru News is vulnerable to an attack due to insufficient sanitization of user-supplied data to the 'script.php' file. An attacker can pass malicious PHP or shell commands in requests to a target server, which will be executed with the privileges of the vulnerable application.
It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user-supplied cookie data. An attacker may exploit this issue to execute arbitrary commands in the security context of the web server hosting the vulnerable IkonBoard.