The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function 'RtlDosPathNameToNtPathName_U' and may be exploited through other programs that use the library if an attack vector permits it. One of these programs is the implementation of WebDAV that ships with IIS 5.0. The vector allows for the vulnerability in ntdll.dll to be exploited by a remote attacker.
The Outblaze web mail service has been reported to be prone to an authentication cookie spoofing vulnerability. This issue may allow a malicious attacker to bypass the cookie-based authentication mechanisms used by the affected Outblaze web mail server. If successful, the attacker may obtain the victim's authentication credentials and gain full access to the victim's e-mail account.
A vulnerability has been discovered in the Linux kernel which can be exploited using the ptrace() system call. By attaching to an incorrectly configured root process during a specific time window, it may be possible for an attacker to gain superuser privileges. The problem occurs because the kernel fails to restrict trace permissions on specific root-spawned processes.
An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the client. If the username that is sent is invalid, Qpopper immediately disconnects the client. A determined attacker can exploit this weakness to gather a list of valid usernames on a vulnerable system using Qpopper.
Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. The methods can be called with certain types of parameters; however, there do not appear to be proper checks for whether the parameters are NULL values. When these native methods are called with NULL values, the JVM reaches an undefined state in which it behaves unpredictably and may crash. The following proof of concept has been submitted and demonstrates the use of injectable XSL templates to exploit this issue.
Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. The methods can be called with certain types of parameters; however, there do not appear to be proper checks for whether the parameters are NULL values. When these native methods are called with NULL values, the JVM reaches an undefined state in which it behaves unpredictably and may crash. An example of this vulnerability is demonstrated in the code snippet provided.
Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. The methods can be called with certain types of parameters; however, there do not appear to be proper checks for whether the parameters are NULL values. When these native methods are called with NULL values, the JVM reaches an undefined state in which it behaves unpredictably and may crash. The following cfm will cause Macromedia ColdFusion MX to fail.
A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application does not properly sanitize some user-supplied values. An attacker can exploit this vulnerability by creating a specially crafted URL that includes malicious HTML code for the login page used by ClearTrust.
Under certain circumstances, an attacker may pass command-line switches as URI parameters to the TEXIS executable. This action may cause the vulnerable server to return sensitive information in the form of a webpage to the attacker's browser. Information obtained may be used in further attacks against the system.