Explore Vulnerabilities

Explore all Exploits:

Cpanel Local Exploit

It has been reported that cPanel's openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue may result in local user privilege escalation. By manipulating environment variables, a local attacker may supply an arbitrary local Perl script as an include file. This may make it possible to execute the included script with the rights of the openwebmail 'oom' script, which is setuid root by default.

Side-Channel Attack Against SSL Implementations

A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. The information leaked by vulnerable implementations is reportedly sufficient for an adaptive attack that will ultimately obtain the plaintext of a target block of ciphertext.

cpanel-plus.pl exploit

A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability to execute commands in the security context of the web server hosting the affected script.

Remote Command Execution Vulnerability in cPanel CGI Application

A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability to execute commands in the security context of the web server hosting the affected script.

Remote Exploit for Cpanel 5

A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability to execute commands in the security context of the web server hosting the affected script.

Riched20.dll Buffer Overflow Vulnerability

riched20.dll is vulnerable to a buffer overflow that causes the application calling the library to fail. By creating a Rich Text Format (RTF) file with more than 65536 bytes of data in an attribute, the buffer will be overrun. Execution of arbitrary code may be possible. RTF files may be opened automatically by Internet Explorer and Outlook.

Recent Exploits: