A vulnerability has been discovered in SheerDNS due to insufficient sanitization of DNS requests, an attacker may be able to view the contents of an arbitrary system directory or file. Information obtained by exploiting this issue may aid an attacker in launching further attacks against a target system.
Ocean12 Guestbook Manager has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Guestbook Manager. Guestbook administration credentials contained in the database and stored in plaintext format may be revealed to the attacker. Information collected in this way may be used to aid in further attacks against the system.
It has been reported that a remote attacker may trigger an exception in DirectoryService by repeatedly connecting to specific network ports. An exploit code has been provided which can be compiled as 'touch' and executed to gain root access.
Guestbook has been reported prone to a sensitive information disclosure weakness. An attacker may disclose sensitive information regarding the Super Guestbook install by sending a HTTP request for the Guest Book passwd file. Administration credentials are displayed in the attacker's browser.
Super Guestbook has been reported prone to a sensitive information disclosure weakness. An attacker may disclose sensitive information regarding the Super Guestbook install by sending a HTTP request for a Guest Book configuration file. Details including administration credentials are displayed in the attackers browser.
It has been reported that SNMP community strings which, are world readble by default, contain sensitive information pertaining to the internal protected network. Data collected in this manner may be used in further attacks against the victim network.
A buffer-overflow vulnerability has been discovered in PoPToP PPTP. The problem occurs because the software fails to do sufficient sanity checks when referencing user-supplied input used in various calculations. As a result, an attacker may be able to trigger a condition that would corrupt sensitive memory. Successful exploits of this issue may allow attackers to execute arbitrary code with the privileges of the affected server.
It has been reported that user-supplied input to phPay is not sufficiently sanitized. This lack of sanitization provides an opportunity for an attacker to launch cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. Any attacker-supplied code will be executed within the context of the website running phPay.
It has been reported that when specially crafted requests are made for many phPay pages and include files, an error condition may be triggered. The resulting error message may contain path information relative to the phPay installation and requested file.
QuickFront does not properly sanitize user-supplied input. Specifically, directory traversal sequences such as '../' to HTTP requests are not removed. An attacker can exploit this vulnerability to view sensitive system resources.
Services By CQR