
Explore Vulnerabilities


Explore all Exploits:

phpGB HTML Injection Vulnerability

phpGB is vulnerable to HTML injection attacks due to its failure to check for the presence of HTML tags when generating guestbook entries. An attacker can inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry.

phpGB SQL Injection Vulnerability

phpGB is vulnerable to SQL injection because the bulletin board relies on the PHP magic_quotes_gpc directive to sanitize variables that are used in SQL queries. If magic_quotes_gpc is not enabled, attackers can mount SQL injection attacks through the guestbook. SQL injection may allow attackers to corrupt the database and gain administrative guestbook privileges. An existing administrator name (default is admin) can be used with the password "' OR 'a'='a" to exploit this vulnerability.

MSIE Cross-Domain Script Execution Vulnerability

When a Microsoft Internet Explorer (MSIE) window opens another window, security checks should prevent the parent from accessing the child if the latter is of another domain or Security Zone. It has been reported that such checks fail to occur against attempts to access the frames of child window documents. It is possible for a parent window to set the URL of frames or iframes within a child window regardless of the domain or Security Zone. This has serious security implications, as the parent can cause script code to be executed within the context of the child domain by setting the URL to the 'javascript' protocol, followed by the desired code. Attackers may also execute script code within the 'My Computer' Zone. This may have more severe consequences.

SWS Simple Web Server Denial of Service Vulnerability

SWS Simple Web Server is prone to a denial of service when requests not ending with a newline are received. Remote attackers may exploit this condition to deny access to legitimate users of the web server.

Buffer Overflow in Tru64

A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via an overly long value for the NLSPATH environment variable. Because of this flaw, a local attacker may be able to execute arbitrary instructions. As a result, the attacker may be able to execute malicious code and elevate privileges.

Tru64 5.1 NLSPATH

A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via an overly long value for the NLSPATH environment variable. Because of this flaw, a local attacker may be able to execute arbitrary instructions. As a result, the attacker may be able to execute malicious code and elevate privileges.

AFD 1.2.14 lpd exploit

AFD (Automatic File Distributor) is prone to a number of locally exploitable stack and heap based buffer overflow conditions. These issues are all related to insufficient bounds checking of externally supplied values for the working directory, either via the command line or through an environment variable. A number of the vulnerable AFD binaries are installed setuid root and may potentially be exploited by a local attacker to execute arbitrary code as root.

Aestiva HTML/OS Error Message Output Sanitization Vulnerability

Aestiva HTML/OS is a database engine and development suite for building websites and web-based software products. HTML/OS does not sufficiently sanitize metacharacters from error message output. In particular, attackers may inject HTML into error pages. It is possible to create a malicious link to the server which will generate an error page with attacker-supplied HTML and script code when visited. Arbitrary HTML and script code will be executed by the web client of the user visiting the server, in the security context of the server.
