An HTML injection vulnerability has been discovered in Captaris Infinite WebMail. Due to insufficient sanitization of HTML content, it is possible for an attacker to embed malicious script code into HTML email messages. This may allow an attacker to steal cookie-based authentication credentials from users of the webmail system. Two examples of malicious code are provided, one that executes when the e-mail is opened and one that executes on mouse-over.
Multiple PHP scripts used by PHP-Nuke are vulnerable to cross-site scripting attacks due to insufficient sanitization of web requests. By constructing a malicious link which exploits one of these vulnerabilities, it may be possible to execute arbitrary code within the context of a website visited by an unsuspecting user. This may allow a remote attacker to steal cookie-based authentication credentials, which could be used at a later time to hijack a user's web session.
zkfingerd is prone to a format string vulnerability. The affected function does not perform sufficient checks when displaying user-supplied input. It is possible to corrupt memory by passing format strings through the vulnerable function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values. Successful exploitation of this issue may allow the attacker to execute arbitrary instructions, possibly with elevated privileges.
Due to insufficient sanitization of HTML emails, it is possible for an attacker to embed script code into malicious messages. Opening an email containing attacker-supplied script code would result in the execution of arbitrary script code within the client's browser.
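Both webmail entries above (Captaris Infinite WebMail and the one just described) come down to the same missing control: HTML mail is rendered without removing script elements and event-handler attributes such as the on-open and mouse-over handlers the first advisory mentions. The following allowlist sanitizer is an added example written for this page, not code from either vendor; the allowed tag and attribute sets are assumptions chosen for illustration, and the message bodies in the usage block are constructed samples.

```python
from html.parser import HTMLParser
from html import escape

# Allowlist policy (assumed for this example): everything not listed is dropped.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}
# Elements whose *content* must also be discarded, not just the tags.
DROP_CONTENT_TAGS = {"script", "style"}


class EmailSanitizer(HTMLParser):
    """Rebuilds an HTML mail body keeping only allowlisted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown element: drop the tag, keep its text via handle_data
        kept = []
        for name, value in attrs:
            # HTMLParser lowercases names, so this catches onLoad, onMouseOver, ...
            if name.startswith("on"):
                continue
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not (value or "").lower().startswith(("http://", "https://")):
                continue  # refuses javascript:, data:, vbscript: links
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # treat <br/> like <br>

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is re-escaped so that decoded entities cannot become markup.
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize_html_email(body):
    """Return a version of `body` safe to render in the webmail UI."""
    parser = EmailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample mimicking the two vectors named in the advisory.
    hostile = ('<body onload="alert(document.cookie)">'
               '<p onmouseover="alert(document.cookie)">Hello <b>reader</b></p>'
               '<script>alert(document.cookie)</script>'
               '<a href="javascript:alert(1)">link</a></body>')
    print(sanitize_html_email(hostile))
```

Escaping alone is not enough for a webmail client, because users expect rich formatting to survive; the allowlist approach keeps that formatting while guaranteeing that no element or attribute capable of running script reaches the browser.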
MyPHPLinks is a freely available, open source PHP application distributed by MyPHPSoft. It is available for Unix, Linux, and Microsoft Windows operating systems. It has been reported that a problem with the checking of input by MyPHPLinks exists. A problem in the checking of the idsession variable used by MyPHPLinks to verify Administrator access may allow a remote user to gain access to the host. This problem could allow an attacker to gain administrator access to the MyPHPLinks section of a web site by using the following URL: http://www.example.com/admin/index.php?idsession='%20OR%20''='
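The URL quoted above decodes to the value `' OR ''='`, which only works because the idsession value is pasted straight into the SQL text. The following Python/sqlite3 model is an added example for this page, not MyPHPLinks code: the table name, the sample session token and the token-format check are assumptions made up for the demonstration. It places the vulnerable check beside a parameterized one and adds a format pre-check that a defender can also use to flag injection attempts in access logs.

```python
import re
import sqlite3

# The injected value from the advisory, URL-decoded.
INJECTED_IDSESSION = "' OR ''='"

# Assumed token format for this example: 32 lowercase hex characters.
TOKEN_RE = re.compile(r"^[0-9a-f]{32}$")


def make_db():
    """In-memory stand-in for the application's session table (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin_sessions (idsession TEXT PRIMARY KEY)")
    conn.execute("INSERT INTO admin_sessions VALUES ('0123456789abcdef0123456789abcdef')")
    return conn


def is_admin_vulnerable(conn, idsession):
    # Flawed pattern: the untrusted value becomes part of the SQL syntax,
    # so idsession=' OR ''=' turns the WHERE clause into a tautology.
    sql = "SELECT COUNT(*) FROM admin_sessions WHERE idsession='" + idsession + "'"
    return conn.execute(sql).fetchone()[0] > 0


def looks_like_session_token(idsession):
    """Cheap syntactic gate; a rejection here is worth logging as a probe."""
    return bool(TOKEN_RE.match(idsession))


def is_admin_fixed(conn, idsession):
    # Hardened: reject malformed tokens up front, then bind the value as a
    # parameter so the database never interprets it as SQL.
    if not looks_like_session_token(idsession):
        return False
    sql = "SELECT COUNT(*) FROM admin_sessions WHERE idsession=?"
    return conn.execute(sql, (idsession,)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected value:", is_admin_vulnerable(db, INJECTED_IDSESSION))
    print("fixed, injected value:     ", is_admin_fixed(db, INJECTED_IDSESSION))
```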
A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script. Information obtained by exploiting this issue may aid an attacker in launching further attacks against a target server.
Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems. It has been reported that Mambo enables a script by default that may reveal sensitive information. The phpinfo.php script is packaged with Mambo, and installed by default in the administrator subdirectory. A remote user may use this script to gain information about the server, including path and environment information.
MySQL is prone to a memory corruption vulnerability in the COM_CHANGE_USER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges, it may be possible to corrupt sensitive regions of memory. It has been reported that it is possible to overwrite the saved instruction pointer on the stack with bytes generated by the random number generator of the password verification algorithm. Theoretically, an attacker could leverage such a condition to cause execution of arbitrary code in the security context of the MySQL server process.
A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. The flaw lies in the fact that the server uses a string returned by the client when the COM_CHANGE_USER command is issued to iterate through a comparison when attempting to authenticate the password. An attacker may authenticate as another database user if they can successfully guess the first character of the correct password for that user.
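The authentication flaw described above is easier to see in a reduced form: if the comparison loop is bounded by the length of the string the client sent rather than by the length of the stored secret, a one-character response only has to match the first character. The following is an added, deliberately simplified model written for this page; it is not MySQL's code, does not reproduce its scrambling scheme, and the `SCRAMBLE_LEN` constant and the sample secret are assumptions.

```python
import hmac

# Assumed for this example: the length every valid client response must have.
SCRAMBLE_LEN = 6


def check_password_vulnerable(stored, client_response):
    # Model of the flaw: the loop is driven by the client-supplied string,
    # so a short (or empty) response passes after matching only a prefix.
    for i, ch in enumerate(client_response):
        if i >= len(stored) or stored[i] != ch:
            return False
    return True


def check_password_fixed(stored, client_response):
    # Hardened: the expected length is fixed by the server, and the whole
    # value is compared in constant time so no prefix or timing leak remains.
    if len(client_response) != SCRAMBLE_LEN:
        return False
    return hmac.compare_digest(stored.encode(), client_response.encode())


def guesses_needed(check, stored, alphabet):
    """Worst-case number of single-character responses the check accepts.

    Used only to illustrate the exposure: a value of len(alphabet) means the
    check can be passed by trying one character at a time; 0 means it cannot.
    """
    return sum(1 for c in alphabet if check(stored, c))


if __name__ == "__main__":
    secret = "s3cr3t"  # constructed sample
    print("vulnerable accepts 's':", check_password_vulnerable(secret, "s"))
    print("fixed accepts 's':     ", check_password_fixed(secret, "s"))
```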
A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resource. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to cause arbitrary code to be executed within the context of the visited 404 page by embedding script code into the HTTP 'referer' header.
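This VisNetic entry and the PHP-Nuke entry above are both reflected cross-site scripting: attacker-controlled request data (a header in one case, query parameters in the other) is copied into the response without output encoding. The following is an added example for this page, not VisNetic or PHP-Nuke code; the page layout and the response headers are assumptions. It renders a 404 page with every reflected value HTML-escaped and sets a restrictive Content-Security-Policy as defence in depth.

```python
from html import escape

# Assumed defence-in-depth headers for the error response.
ERROR_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'none'; style-src 'self'",
    "X-Content-Type-Options": "nosniff",
}


def render_not_found(path, referer=None):
    """Return (status, headers, body) for a missing resource.

    Both the requested path and the Referer header are attacker-controlled
    and are escaped with quote=True so they are inert inside text and
    attribute contexts alike.
    """
    safe_path = escape(path, quote=True)
    body = ("<html><body><h1>404 Not Found</h1>"
            f"<p>The resource {safe_path} does not exist.</p>")
    if referer:
        body += f"<p>Referred from: {escape(referer, quote=True)}</p>"
    body += "</body></html>"
    return 404, dict(ERROR_HEADERS), body


def reflects_raw(body, untrusted):
    """True if `untrusted` appears verbatim (unencoded) in the response body."""
    return untrusted in body


if __name__ == "__main__":
    # Constructed hostile Referer value of the kind the advisory describes.
    hostile_referer = "http://attacker.example/<script>alert(document.cookie)</script>"
    status, headers, body = render_not_found("/no-such-page", hostile_referer)
    print(status, headers["Content-Security-Policy"])
    print(body)
```

The same `escape` call is what PHP-Nuke-style scripts need around every echoed request parameter (`htmlspecialchars` in PHP); the CSP header means that even a missed escape cannot execute inline script in browsers that enforce it.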