It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions. An attacker can connect to the Postfix SMTP server and issue a HELO command with the name of the Amavis-ng server. The attacker can then issue a MAIL FROM command with a valid user address and a RCPT TO command with an invalid user address. The attacker can then issue a DATA command and send an email to a valid user address. The email will be accepted and relayed by the Postfix server.
A vulnerability has been reported for Py-Membres 4.0 that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the login.php file included with Py-Membres. Because of this, a remote attacker may launch SQL injection attacks through the software. An example of such an attack is provided, which will save all user passwords to a file.txt file, which will be remotely accessible.
Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker may upload a malicious JPEG. The attacker may craft it in such a way that PHP code execution will occur when the image is viewed. This attack may result in arbitrary PHP code execution in the security context of the web server that is hosting the vulnerable application.
A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory. Successful exploitation of this issue could allow an attacker to execute arbitrary commands, with the privileges of the Samba process.
A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory. Successful exploitation of this issue could allow an attacker to execute arbitrary commands, with the privileges of the Samba process.
Interbase is vulnerable to arbitrary file corruption due to insufficient checks when creating or manipulating external databases. An attacker can exploit this vulnerability by creating a table with an external file path pointing to a system file, such as '/etc/passwd', and then inserting malicious data into the table. This will result in the corruption of the system file.
An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. An attacker may be able to exploit this vulnerability by manipulating some URI parameter to include malicious SQL commands and queries which may result in information disclosure, or database corruption.
A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. Sending either of the incomplete HTTP headers 'Connection:' and 'Range:' to the server will cause it to crash.
Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious language file is symlinked to a web server readable file, the contents of the linked file may be disclosed to the attacker. The file may also contain PHP code which may be executed in the context of the web server hosting the vulnerable application.
A weakness has been discovered on various systems that may result in an attacker gaining information pertaining to the existence of inaccessible files. The problem lies in the return times when attempting to access existent and non-existent files. By making requests for various files, it may be possible for an attacker to deduce whether the file exists, by examining the amount of time it takes for an error to be returned.
Services By CQR