A cross site scripting vulnerability has been reported in some versions of Tomcat. Reportedly, if a HTTP request is made for a JSP, malicious script code embedded in the URI may be included in a page generated by Tomcat.
A vulnerability has been reported in Cobalt RaQ that may allow attackers to obtain elevated privileges. The vulnerability exists in the /usr/lib/authenticate utility which is used by Apache for authentication purposes. Reportedly, the utility creates temporary files with predictable names with world-writeable permissions. This vulnerability is further exacerbated by the fact that /usr/lib/authenticate is a setuid root binary.
scponly is a freely available, open source restricted secure copy client. It is available for Unix and Linux operating systems. The default installation of scponly does not place sufficient access controls on the .ssh subdirectory. Due to this oversight, it is possible for a remote user to upload files which may allow command execution. This could lead to unintended command execution, and regular shell access to a vulnerable host. For example, the user could scp the following to $HOME/.ssh/environment: # ssh environment PATH=/home/myhomedir/:/usr/bin:/bin #end Subsequently, the user could upload the following file to their home directory, and call it scp: #!/bin/sh echo "I'm a bad boy" > /tmp/exploit /usr/bin/scp $@ # end When they next scp a file:
A vulnerability has been reported in some versions of Novell NetWare. This issue lies in the handling of some HTTP requests when Perl is used as a handler by a web server. Reportedly, it is possible for an attacker to execute arbitrary Perl code.
An attacker can exploit this vulnerability by making a malformed request to Bonsai. This causes Bonsai to return an error page to the requesting user. This error page will contain the absolute path information about the requested file.
Multiple cross site scripting vulnerabilities have been reported for the Bonsai tool. An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Attacker-supplied code may execute within the context of the site hosting the vulnerable software when the malicious link is visited. This type of vulnerability may be used to steal cookies or perform other web-based attacks. It may be possible to take actions as an user of the Bonsai system.
Mantis is vulnerable to a Remote File Inclusion vulnerability due to its failure to properly validate the path to the include file. Attackers can specify an arbitrary path, either to a local file or a file on a remote server, and include PHP files located on remote servers. This can lead to the execution of arbitrary commands with the privileges of the webserver.
A weak default configuration problem has been reported in the Windows binary release of MySQL. Reportedly, the root user of the database is defined with no password, and granted login privileges from any host.
A weak default configuration problem has been reported in the Windows binary release of MySQL. Reportedly, the root user of the database is defined with no password, and granted login privileges from any host.
FUDForum is vulnerable to a directory traversal attack due to a lack of proper input validation in the adm/admbrowse.php script. An attacker can manipulate the 'down', 'cur', 'dest', and 'rid' parameters to access files and directories outside of the FUDForum directories.
Services By CQR