
Explore Vulnerabilities


Explore all Exploits:

Nuked-Klan PHP Function Execution Vulnerability

A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficient sanitization of user-supplied URI parameters. This issue may be exploited by a remote attacker to obtain sensitive server information, which could aid in launching further attacks against a target system.

Webmin 1.050 – 1.060 Remote SID Injection Exploit

A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied Base64-encoded input, it is possible to inject a Session ID into the access control list. Successful exploitation of this vulnerability may allow an attacker to bypass typical authentication procedures, thus gaining administrative access to a Webmin/Usermin interface.

Buffer Overrun Vulnerability in Zlib Compression Library

A buffer-overrun vulnerability has been reported in the Zlib compression library. Due to the use of 'vsprintf()' by an internal Zlib function, an attacker can cause memory to become corrupted. This buffer overrun occurs because the software fails to check the boundaries of user-supplied data given to the 'gzprintf()' function. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary instructions.

Perl2Exe Obfuscation Vulnerability

Perl2Exe is a tool used to convert Perl source code into an executable format. When the 'encrypt' option is selected, the source code is obfuscated using a reversible algorithm. However, this obfuscation can be reversed by using known ciphertext and plaintext to calculate the key, which can then be used to decrypt the unknown ciphertext.

Cisco IOS IO Memory Exploit

Cisco IOS is prone to a remotely exploitable buffer overflow condition when handling malformed OSPF (Open Shortest Path First) packets. The overflow occurs when more than 255 OSPF neighbors are announced. This may make it possible to execute malicious instructions on a device running a vulnerable version of the software. Denial of service is also possible.

Sage Cross Site Scripting Vulnerability

Sage is prone to a cross-site scripting vulnerability due to insufficient sanitization of input submitted in URI parameters. An attacker may create a malicious link, containing malicious HTML or script code, to a site hosting Sage. When such a link is visited by an unsuspecting user, attacker-supplied script code will be interpreted by their web client.

Sage Content Management System Path Disclosure Vulnerability

Sage Content Management System contains a path disclosure vulnerability. When a request is made for a module that does not exist, the returned error message contains the full path to the Sage installation directory. Disclosed path information could be used to launch further attacks against the system.

myPHPNuke ‘links.php’ Cross-Site Scripting Vulnerability

myPHPNuke 'links.php' does not adequately filter HTML code, making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running myPHPNuke. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.

SQL Injection Vulnerability in phpBB2

A SQL injection vulnerability has been reported in phpBB2. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database. This issue may be exploited to cause sensitive information to be disclosed to a remote attacker.

PHPNuke Auto-SelectFish Attacker

PHPNuke, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database. This issue may be exploited to cause sensitive information to be disclosed to a remote attacker.

Recent Exploits: