Explore Vulnerabilities

Explore all Exploits:

Lil’ HTTP Server HTML Injection Vulnerability

Lil' HTTP Server is vulnerable to HTML injection attacks due to insufficient sanitization of user input in the 'REPORT' function found in the 'urlcount.cgi' script. An attacker can inject arbitrary HTML into the reports page, which can be used to execute malicious JavaScript code when visited by a web user.

Inktomi Traffic Server Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in the Inktomi Traffic Server. The vulnerability occurs in the traffic_manager binary included with Inktomi Traffic Server. Executing traffic_manager with an excessively long command-line argument will cause the buffer overflow condition. As traffic_manager is a setuid root binary, it is possible for a remote attacker to obtain root, or superuser, privileges on a compromised system.

OpenSSH Remote Root Privilege Escalation Vulnerabilities

The OpenSSH team has reported two vulnerabilities in OpenSSH that are remotely exploitable and may allow unauthenticated attackers to obtain root privileges. The conditions are related to the OpenSSH SSH2 challenge-response mechanism. They occur when the OpenSSH server is configured at compile time to support BSD_AUTH or SKEY. Attackers can exploit the vulnerabilities by crafting a malicious response. Since this occurs before the authentication process completes, remote attackers without valid credentials may exploit this. Successful exploits may result in the execution of shellcode or a denial of service. Proof-of-concept code has been made public.

OpenSSH SSH2 Challenge-Response Vulnerability

The OpenSSH team has reported two vulnerabilities in OpenSSH that are remotely exploitable and may allow unauthenticated attackers to obtain root privileges. The conditions are related to the OpenSSH SSH2 challenge-response mechanism. They occur when the OpenSSH server is configured at compile time to support BSD_AUTH or SKEY. Attackers can exploit the vulnerabilities by crafting a malicious response. Since this occurs before the authentication process completes, remote attackers without valid credentials may exploit this. Successful exploits may result in the execution of shellcode or a denial of service.

Buffer Overflow in /opt/cifsclient/bin/cifslogin Utility

A vulnerability has been reported in the /opt/cifsclient/bin/cifslogin utility distributed with CIFS/9000. The utility is prone to several buffer overflow conditions and may lead to root compromise. The vulnerability occurs due to the lack of bounds checking when accepting user input for various command-line options. Specifically, the utility fails to check for excessively long arguments to the following command-line options: '-U', '-D', '-P', '-S', '-N', and '-u'.

BadBlue ext.dll ISAPI Input Validation Vulnerability

BadBlue is a P2P file sharing application distributed by Working Resources. The ext.dll ISAPI does not sufficiently sanitize input. Because of this, it is possible for a user to create a custom URL containing script code that, when viewed in a browser by another user, will result in the execution of the script code. This could allow for the execution of malicious JavaScript in the context of a trusted site.

Off-by-one issue in mod_ssl

An off-by-one issue exists in mod_ssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by default, it is popular as it allows non-privileged users to create web access control schemes for hosted sites, and is enabled through the "AllowOverride" configuration variable in Apache. A .htaccess file with 10000 or more bytes set into the variable DATE_LOCALE will result in a buffer overflow within the web server process handling the request.

YaBB URL Script Injection Vulnerability

Attackers can reportedly construct a URL that will cause scripting code to be embedded in error pages. YaBB fails to check URLs for the presence of script commands when generating error pages, allowing attacker-supplied code to execute. If such a URL is sent to a YaBB user, upon accessing the link, the attacker-supplied code will run in the context of the site running the vulnerable software. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of YaBB.

Half-Life Denial of Service Vulnerability

A denial of service vulnerability has been reported in some versions of the Half-Life server. A remote party may create a large number of new users on a specific server by spoofing the connection conversation. As servers contain a set limit on the maximum number of players, server resources will be exhausted, and legitimate players will not be allowed to join the game.

Recent Exploits: