A buffer overflow condition exists due to insufficient bounds checking of fields in skinfiles. There is an unchecked buffer for the "CONTROLnImage" field of the "skin.ini" file. By supplying an overly long filename as a value for this field, it is possible to overwrite stack variables. An attacker may exploit this condition to overwrite the return address with a pointer to embedded attacker-supplied instructions.
Microsoft Exchange 5.5 and the SMTP (Simple Mail Transfer Protocol) service included with IIS (Internet Information Services) 4.0 and 5.0 are vulnerable to an encapsulated SMTP address vulnerability. The vulnerability allows an attacker to bypass the SMTP server's security checks and send emails to any address, even if the server is configured to not allow relaying. This can be exploited by sending an email with an encapsulated address, which is a specially crafted address that contains the target address within it.
ATPhttpd is a small webserver designed for high-performance. There exist several exploitable buffer overflow conditions in ATPhttpd. Remote attackers may levarage these vulnerabilities to gain access on affected servers.
Popcorn email client will stop responding when attempting to open malformed messages. Reportedly, a message containing an unusual amount of data or a malformed string of characters in the subject field will initiate a denial of service. This has also been known to occur when the date field of a mail message has the year specified higher than 2037.
Lil' HTTP server is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient input validation. An attacker can construct a malicious URL containing scripting code that will be executed in the user's browser when the URL is accessed.
Sun i-Runbook is a single point of technical and administration management for Sun production environments. i-Runbook provides a web interface. i-Runbook can be led to disclose the contents of a known resource. This is accomplished by submitting a specially crafted request with the absolute path to a known directory or file. This issue could result in the disclosure of sensitive information.
Fluid Dynamics Search Engine is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can construct a malicious URL that will cause scripting code to be embedded in a search results page. When an innocent user follows such a link, the script code will execute within the context of the hosted site.
GoAhead WebServer 2.1 is vulnerable to Cross-Site Scripting attacks due to unsanitized requested URLs when displaying a 404 error page. An attacker may be able to trick a user into following a link which includes malicious script code, and executing the attack.
A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly, it is possible to launch directory traversal attacks against GoAhead WebServer. It is possible for remote attackers to access arbitrary files residing on a vulnerable host. It has been reported that it is possible to exploit this vulnerability to access arbitrary files on the server through a directory traversal attack. GoAhead WebServer correctly prevents attackers from using '../' sequences for directory traversal attacks. However, it does not prevent attackers from using URL encoded substitutions for the '/' character. Orange Web Server 2.1 is based upon GoAhead WebServer and is also vulnerable to this issue. It is also possible to connect directly to a GoAhead WebServer using netcat or telnet and issuing a GET command for a known file using regular directory traversal sequences.
Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a web page from the same domain. This script may then change the location of the embedded object to a sensitive page, and maintain the reference to the object. This provides full access to the DOM of the embedded page.
Services By CQR