GoAhead WebServer is an Open Source embedded web server which supports Active Server Pages, embedded javascript, and SSL authentication and encryption. It has been discovered that a buffer overflow exists in GoAhead WebServer. This vulnerability could make it possible for a remote user to execute arbitrary code with the privileges of the web server process. This could lead to an attacker gaining remote access to a vulnerable host.
A vulnerability has been reported for Interchange 4.8.5 and earlier. Reportedly, Interchange may disclose contents of files to attackers. The vulnerability occurs due to the placement of the 'doc' folder. Reportedly, the folder will be installed as follows: <INTERCHANGE_ROOT>/doc. This folder, by default, contains Interchange man pages. This vulnerability is only exploitable when the Interchange service runs in INET (Internet service) mode. An attacker may exploit this vulnerability to the contents of restricted files accessible to the Interchange process. It has been reported that this issue may be exploited through a '../' directory traversal sequence in a HTTP request to the vulnerable server.
An error has been reported in Microsoft Internet Explorer 6, which may allow malicious file attachments to execute arbitrary code in the context of the local system. HTM files are associated with Internet Explorer. It is possible for an attacker to cause Internet Explorer to force a download of a malicious HTM file. The downloaded HTM file may include malicious attacker-supplied script instructions that will be executed on the victim user's system.
The CERN httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are displayed in error messages. It is possible for arbitrary HTML or script code to be embedded in the error page through a maliciously constructed link. When the error is displayed, the script will be executed within the context of the proxy server's error page on the client browser. This may permit various web-based attacks including stealing cookies, etc.
It has been discovered that Metaframe can be made to become unstable. By connecting to the Metaframe server using custom-crafted Java ICA files, a remote user may be able to create instability in the Metaframe server. The server typically reacts to this vulnerability by disconnecting all users, and either crashing requiring a manual reboot, or crashing and rebooting.
Midicart ASP is a commercially available e-commerce solution distributed by Coxco Support. It is available for the Microsoft Windows operating system. The default installation of Midicart ASP does not place sufficient access control on the midicart.mdb file. Due to this lack of access control, it is possible for a remote user to gain access to this file. This file may yield sensitive customer information, such as customer names, addresses, and credit card information.
isdn4linux contains a format string vulnerability in the ipppd utility. In some installations, this utility is installed with setuid root privileges. Exploitation of this vulnerability could lead to a local attacker executing code with administrative privileges.
It is possible to remotely gain access to the identification string used for configuration of OEM access points manufactured by Orinoco through SNMP. By sending a custom-crafted SNMP query to a vulnerable access point, the access point will return system credentials, including the identification string. This identification string can be used as the administrative community string.
Falcon Webserver does not sufficiently sanitize HTML tags from error message output. In particular, attackers may inject HTML into 301 and 404 error pages. It is possible to create a malicious link to the server which will generate an error page with attacker-supplied HTML and script code when visited. Arbitrary HTML and script code will be executed by the web client of the user visiting the server, in the security context of the server.
The 602Pro LAN SUITE 2002 Telnet Proxy is reported to be prone to a denial of service condition. It is possible for proxy users to use the loopback interface to connect to localhost. If a large number of these connections are made concurrently, it is possible to cause a denial of service via resource exhaustion.
Services By CQR