A format string vulnerability has been discovered in Exim. The problem occurs in the daemon_go() function. By supplying malicious format strings via the command line, it is possible for an attacker to execute arbitrary code with root privileges.
phpBB is vulnerable to cross site scripting attacks due to insufficient santization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an attacker to steal a legitimate users cookie-based authentication credentials.
It has been reported that Zeroo fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root. An attacker is able to traverse outside of the established web root by using dot-dot-slash (../) directory traversal sequences. An attacker may be able to obtain any web server readable files from outside of the web root directory.
Several Linksys Broadband Router devices are prone to a buffer overflow conditions. The vulnerability occurs due to insufficient allocation of memory for buffers. An attacker can exploit this vulnerability by issuing an overly long GET request to the vulnerable Linksys device. When the device attempts to process the malformed input, it will be possible to corrupt sensitive memory. This may allow an attacker to change configuration information on the vulnerable device.
Cyrus IMAPD does not sufficiently handle overly long strings. In some cases, when a user connects to the daemon, and upon negotiating the connection sends a login string of excessive length, a buffer overflow occurs. This could result in heap corruption and arbitrary words in memory being overwritten. It may be possible to exploit this issue to execute arbitrary code.
It has been reported that the ftpd server, included in the Embedded Real Time Operating System (ERTOS) of 3Com Superstack 3 NBX IP phones, contains a denial of service vulnerability. This issue can be triggered by sending a CEL paramater of excessive length, effectively causing the ftpd server and various VoIP services to no longer respond. It should be noted that this issue may be similar to the vulnerability described in BID 679. Although unconfirmed, it should also be noted that due to the nature of this vulnerability under some circumstances it may be exploited to execute arbitrary code.
A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. An attacker can exploit this vulnerability by issuing a HTTP request with an overly long GET request for a document. Due to insufficient buffers being allocated when processing the data, it may be possible to corrupt sensitive memory on the system stack.
An information disclosure vulnerability has been reported for SuidPerl. Reportedly, it is possible for an attacker to determine whether files exist in non-accessible directories. An attacker can exploit this vulnerability by invoking suidperl with an absolute filename to determine whether the file exists. When run in this manner, suidperl will return with a message that confirms the existence of a file.
A cross-site scripting vulnerability has been reported in the YaBB forum. This vulnerability is due to insufficient sanitization of URI parameters in some scripts. As a result, it is possible for a remote attacker to create a malicious link to the login page of a site hosting the web forum. When this link is visited by an unsuspecting web user, the attacker-supplied code will be executed in their browser in the security context of the vulnerable website. It has been demonstrated that this vulnerability may be exploited to steal cookie-based authentication credentials.
ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Bugzilla. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.
Services By CQR