csNews is vulnerable to a double URL encoding attack, which allows an attacker to view and modify some administration pages. This is accomplished by submitting a HTTP request in which some metacharacters are double URL encoded.
When Xsco is executed, and an excessively long argument is supplied to the -co flag, a heap overflow occurs. This problem could allow a local user to supply a maliciously formatted string with the -co option that could result in the execution of arbitrary code, and elevated privileges.
W-Agora is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. In particular, the 'inc_dir' variable found in a number of the W-Agora scripts defines the path to the configuration file. It is possible, under some configurations, for an attacker to specify an arbitrary value for the location of the configuration file which points to a file on a remote server. If the included file is a PHP script, this may allow for execution of arbitrary attacker-supplied code.
Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks. Attacker-supplied script code may potentially end up in webpages generated by Geeklog and will execute in the browser of a user who views such pages, in the security context of the website. Example: Link input($url) :<scriptsrc="http://forum.olympos.org/f.js">Alper</script>
MyHelpDesk (version 20020509 and earlier) is vulnerable to SQL injection attacks due to lack of input sanitization. By supplying malicious data via CGI parameters, an attacker can modify the logic of a SQL query. For example, the following URL can be used to gain root access: http://[TARGET]/supporter/index.php?t=detailticket&id=root%20me
It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable scripts, passing malicious HTML code as a value for unsanitized CGI parameters. If the link is sent to a MyHelpDesk user and clicked on, the attacker-supplied HTML code will run in the context of the site running the vulnerable software.
MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through parameters specified via URL. The attacker-supplied HTML code will be executed by the web client of users who visit such pages, in the security context of the site running the vulnerable software. This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users.
X Window System behaves unpredictably when handling an overly large font size. If an attacker can pass an overly large font size to X Window System, it is possible to cause a denial of service condition. Remote exploitation of this issue is possible via web clients or other applications which do not check that the font size is sane before passing it to the X Window System. This is reported to be a problem with xfs (X Font Server) and the libXfont component.
It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query.
A cross site scripting issue has been reported with some versions of Microsoft Internet Explorer for Windows. Under some configurations, data included within a FTP URL will be rendered as displayed content, allowing the execution of arbitrary JavaScript code within the Local Computer context. If both of the 'Enable folder view for FTP sites' and 'Enable Web content in folders' options are enabled, this vulnerability exists. These options are enabled by default. When a folder is being viewed through FTP, the FTP server name is included in the Web Content information displayed. The FTP server name is not sanitized. A malicious link may define a server name which includes HTML content, including script code. When displayed, this script code will execute within the Local Computer context.
Services By CQR