
Explore Vulnerabilities

Explore all Exploits:

Local r00t ‘shell-exploit’ for gethostbyname() Buffer Overflow

A vulnerability has been discovered in multiple vendor implementations of the 'gethostbyname()' library function, which is used to resolve network addresses. The 'gethostbyname()' function fails to implement sufficient bounds checking on data copied into local memory buffers. Under some circumstances, attackers may exploit this issue to overwrite sensitive locations in memory and may leverage the issue to execute arbitrary commands with the privileges of the vulnerable application. This issue may be local or remote, depending on the particular applications that use the function on vulnerable systems.

Buffer Overflow in Intel iParty Server

A buffer overflow condition has been discovered in the Intel iParty server. It is possible to trigger a denial of service by submitting an excessive number of characters to the network port used by the iParty server. The server will need to be restarted to regain normal functionality. This issue may be due to a buffer overrun, potentially resulting in arbitrary code execution.

Buffer Overflow Vulnerability in libIM Library

A buffer overflow vulnerability has been discovered in the libIM library available for the AIX 4.3, 5.1, and 5.2 operating systems. As a result, it may be possible to overwrite sensitive memory in programs linked to the affected library. By identifying a linked application with the setuid bit applied, it may be possible to exploit this vulnerability to execute code with elevated privileges. Under certain circumstances this issue may pose a remote security threat.

rs.F3000 Binary Vulnerability

The rs.F3000 binary is prone to an issue that may allow attackers to obtain unauthorized access to a vulnerable system. A denial of service attack is also possible. This is due to multiple instances of the system() function being used in an unsafe manner.

Buffer Overflow in stmkfont Utility

A buffer overflow vulnerability has been reported in the stmkfont utility shipped with HP-UX systems. The problem occurs due to insufficient bounds checking on user-supplied data to the alternate typeface library command-line option. A local attacker may be able to exploit this issue to execute arbitrary code with elevated privileges. All Avaya PDS 9 and 11 platforms are vulnerable to this issue. Avaya PDS 12 platforms running on HP-UX 11.00 are vulnerable as well. PDS 12 versions running on HP-UX 11.11 are not vulnerable.

Windows NT and 2000 Command Prompt Buffer Overrun Vulnerability

The Windows NT and 2000 command prompt (cmd.exe) does not properly handle paths containing more than 256 characters. If the cd (change directory) command is used to change to a subdirectory resulting in a path with more than 256 characters, a buffer is overrun. This could lead to cmd.exe failing with the possibility of code execution on Windows NT 4.0 systems. Automated scripts that traverse and perform operations on arbitrary directories are particularly vulnerable. On Windows 2000 systems, cmd.exe will become 'jailed' in the directory.

Buffer Overflow Vulnerability in FAR

A buffer overflow vulnerability has been reported for FAR that may result in a denial of service condition. The vulnerability exists due to insufficient bounds checking performed by FAR when parsing directory paths. Specifically, when FAR attempts to parse overly long paths, it will crash, resulting in a denial of service condition.

Cedric Email Reader Remote File Include Vulnerability

It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'emailreader_execute_on_each_page.inc.php' script. Under some circumstances, it is possible for remote attackers to influence the include path for a configuration file to point to an external file on a remote server. If the remote file is a malicious PHP script, this may be exploited to execute arbitrary system commands in the context of the web server. It has also been reported that it is possible to cause local files to be included, resulting in disclosure of webserver readable files to the attacker.

Opera Denial of Service Vulnerability

Opera ships with a trusted Java class ('opera.PluginContext') that includes a native method that is reportedly prone to denial of service attacks. It is possible for a malicious Java applet to trigger this condition to cause a denial of service. This issue was reported in versions of Opera for Microsoft Windows operating systems.

Recent Exploits: