Explore Vulnerabilities

Explore all Exploits:

Hotfoon Dialer Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported for the Hotfoon dialer. The vulnerability exists in a text input field for dialing telephone numbers. Reportedly, Hotfoon4.exe does not adequately perform boundary checks on this field. It is possible to crash the service and execute code.

QNX RTOS Packager Vulnerability

It has been reported that the packager fails to use absolute paths to execute system commands. This could potentially allow an attacker to trick the program into running a trojaned binary. Because the vulnerable packager is installed setuid root by default, this could allow a local attacker to take complete control over a system.

Cross Site Scripting Vulnerability in Perception LiteServe

It has been reported that LiteServe fails to sanitize query strings from indexed folders. It is possible for an attacker to exploit this issue by constructing a malicious link containing encoded HTML and script code. When an unsuspecting user clicks the malicious link, the attacker-supplied HTML and script code will be executed by that user's web client. Attacks of this nature may make it possible for attackers to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

CGIEmail Remote Buffer Overflow Vulnerability

A remotely exploitable buffer overflow has been discovered in a component included with CGIEmail. By sending a maliciously constructed GET request to the vulnerable server, it is possible for a remote attacker to overrun a buffer, potentially resulting in the execution of arbitrary system commands with the privileges of the mail server.

Plaintext Credentials Storage

CuteCast is a web-based streaming media server application. It has been reported that the default configuration of CuteCast is insecure, as it stores user information in a publicly accessible directory. This includes plaintext credentials, which can be accessed via the URL http://www.example.com/cgi-bin/cutecast/members/<username>.user.
