
Explore Vulnerabilities


Explore all Exploits:

Remote format string vulnerability in TANne

TANne is a freely available, open source session management package. It is available for Unix and Linux operating systems. Due to a programming error, it may be possible to exploit a format string vulnerability: a logging function in the TANne program contains insecure syslog() calls. This could result in the execution of attacker-supplied code.

S8Forum Remote Command Execution Vulnerability

S8Forum is vulnerable to a remote command execution vulnerability. When a user registers with the forum, a file is created locally with the specified username. A malicious user can create a file with an arbitrary name and PHP (.php) extension that contains valid PHP code. The attacker can then cause this file to be executed by requesting it via HTTP.

myPHPNuke Cross-Site Scripting Vulnerability

myPHPNuke does not adequately filter HTML code, making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user. All code will be executed within the context of the website running myPHPNuke, potentially allowing the attacker to steal cookie-based authentication credentials from legitimate users.

Network device drivers disclosure of sensitive information

Frames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers fail to do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across Ethernet segments. Since the Ethernet frame buffer is allocated in kernel memory space, sensitive data may be leaked.

AN HTTPD Cross-Site Scripting Vulnerability

AN HTTPD does not adequately filter HTML code, making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user. All code will be executed within the context of the website running AN HTTPD. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.

H-Sphere Webshell Remote r00t Exploit

A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase, Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious attacker may be able to trigger a buffer overrun. Successful exploitation of this issue would allow an attacker to overwrite the vulnerable function's instruction pointer. By causing the program to return to attacker-supplied instructions, it may be possible to execute arbitrary code with the privileges of the target process.

H-Sphere Webshell Buffer Overflow Vulnerability

A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase, Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious attacker may be able to trigger a buffer overrun. Successful exploitation of this issue would allow an attacker to overwrite the vulnerable function's instruction pointer. By causing the program to return to attacker-supplied instructions, it may be possible to execute arbitrary code with the privileges of the target process.

DCP-Portal Remote File Include Vulnerability

DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for some parameters. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.

HTML Injection Vulnerability in OpenTopic

An HTML injection vulnerability has been reported for OpenTopic. The vulnerability exists because OpenTopic does not sufficiently sanitize HTML code from private message posts. When a victim user views any private messages, any malicious HTML code will be executed in the web browser in the security context of the site. Exploitation may allow for theft of cookie-based authentication credentials or other attacks.

Recent Exploits: