A remote attacker is able to connect to SimpleServer via telnet and make an invalid request to the server. This will cause the web server to crash and potentially lead to a buffer overflow condition. This issue was originally reported as a denial of service; however, it has been reported that it is possible to initiate a buffer overflow condition.
Ruslan Communications <Body>Builder is vulnerable to SQL injection attacks due to insufficient input validation. A malicious user can supply special characters in the login password field to modify the SQL query used to validate the user, allowing for access to the administrative interface.
SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML (Extensible Markup Language) format. Such queries can be sent using various methods of communication, one of which is via HTTP. SQLXML HTTP components reside in a virtual directory on a web server and are not enabled by default. It is possible, under some circumstances, to inject arbitrary script code via XML tags. This may allow an attacker to execute script code in the context of the Internet Explorer Security Zone associated with the IIS server running the vulnerable components.
A buffer overflow issue has been discovered in the SQLXML ISAPI extension that handles data queries over HTTP (SQLXML HTTP). It is possible for a user to initiate the overflow by connecting to a host and submitting malformed data. This issue has been reported to exist in SQL Server 2000 Gold; other versions may be vulnerable as well. IIS-Server/Nwind/Template/catalog.xml?contenttype=text/AAAA...AAA This uses a 'template' file instead of a direct query to cause inetinfo.exe to crash.
Netscape Communicator and Mozilla browsers include support for email, and the ability to fetch mail through a POP3 server. Under some circumstances, malformed email messages may prevent Netscape and Mozilla clients from accessing POP3 mailboxes. In particular, users will be unable to access more recent messages or delete the malicious email.
A vulnerability has been reported for simpleinit that may allow users to execute arbitrary commands as the superuser. The vulnerability occurs because simpleinit may allow some child processes to inherit a file descriptor with read-write access. The file descriptor is used to access /dev/initctl and this descriptor is normally used by 'initctl', 'need' and 'provide' programs to pass instructions to simpleinit. The simpleinit process runs with root privileges. A local user whose process inherits this file descriptor will be able to cause simpleinit to execute commands as the superuser.
A vulnerability has been reported in Macromedia JRun for Windows that results in a denial of service condition. The vulnerability occurs when JRun encounters a malicious JSP page. The following snippet of code is reported to crash the JRun JSP engine: new WPrinterJob().pageSetup(null,null);
The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input. This may enable attackers to inject arbitrary HTML into form fields, which will be stored on guestbook pages. Additionally, it has been demonstrated that SSI (Server-Side Includes) may also be injected in this manner, and may be executed depending on the underlying environment.
A vulnerability has been reported in Apache Tomcat for Windows that results in a denial of service condition. The vulnerability occurs when Tomcat encounters a malicious JSP page. The following snippet of code is reported to crash the Tomcat JSP engine: new WPrinterJob().pageSetup(null,null);
csNews is a script for managing news items on a website. It is possible for a malicious admin user to bypass file type restrictions on the header and footer file. This may result in arbitrary system files being displayed to remote users, and the disclosure of sensitive information. The ability to exploit this vulnerability may only require 'public' access to csNews if used in conjunction with issues discussed in BID 4993.