A denial of service vulnerability has been reported for Pocket Internet Explorer (PIE). The vulnerability is due to the way some JavaScript code is interpreted by PIE. By enticing a victim user to browse a maliciously crafted web page an attacker can cause PIE to crash.
A buffer overflow vulnerability has been reported for iCal. The vulnerability occurs when the iCal web server receives an overly long HTTP request. This will cause iCal to crash and result in a denial of service condition.
A denial of service vulnerability has been reported for iCal. The vulnerability occurs when iCal receives a specially formatted HTTP request. This will cause iCal to crash thereby leading to a denial of service.
N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for some parameters. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.
PEEL is vulnerable to a Remote File Inclusion (RFI) vulnerability, which allows an attacker to include arbitrary files located on remote servers. An attacker can exploit this vulnerability by supplying a path to a maliciously created file, located on an attacker-controlled host, as a value for some parameters. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver.
It is possible to exploit this issue by sending an overly long string as a value for the 'user' URI parameter in a request to the 'chetcpasswd.cgi'.
It has been reported that W-Agora has a vulnerability in the handling of script code. It is possible to format a malicious link containing arbitrary script code or HTML that when clicked on would execute in the security context of the vulnerable site. This would result in a browser security violation, and could lead to the theft of authentication cookies of administrators.
Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various PHP scripts. By exploiting these issues it is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. By injecting SQL code into the 'pass' or 'SPGP' variable, it may be possible for an attacker to corrupt member information. It may also be possible for attackers to perform more advanced attacks on the underlying database.
A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execute of code on affected systems. An attacker can exploit this vulnerability by connecting to a vulnerable system and issuing malformed HTTP headers with a negative value for some fields. When the cupsd service receives this request, it will crash.
A denial of service vulnerability has been discovered in the Linux 2.2 kernel. It has been reported that it is possible for an unprivileged user to cause the kernel to stop responding due to a bug in the implementation of mmap(). It should be noted that this issue does not affect the 2.4 kernel tree. This is because support for mmap() in the /proc/pid/mem implementation has been dropped.
Services By CQR