The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files (such as /etc/passwd). monitor is installed setuid root by default. The monitor -f command line option may be used by a local attacker to cause an arbitrary system file to be overwritten. Once overwritten, the attacker will gain ownership of the file.
The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default, so a local attacker can specify an arbitrary system file in place of the configuration file, and crttrap will disclose the contents of that file.
Shambala Server is an FTP, Web, and Chat server targeted at the Small Office/Home Office user. It has been reported that Shambala Server's web server may be prone to a denial of service vulnerability. The denial of service condition is a result of the web server failing to handle malformed requests.
A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string copy of the INFORMIXDIR environment variable to a local buffer. At least one setuid root executable, 'sqlexec', is vulnerable. A malicious user may exploit the overflow condition in sqlexec to gain root privileges.
A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible for an authenticated user to add directives and make changes to the generated .htaccess file. Adding the JavaScript as part of the URL will change the text field into a textbox, allowing users to enter newlines and other characters.
A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses potentially sensitive information to a user. When an error occurs with the csPassword.cgi script, it displays an error message with a lot of debugging information, including the full path to the script, the name of the script, and the name of the function that was called.
Gafware's CFXImage is a custom tag for ColdFusion. A program included with the CFXImage documentation doesn't properly filter its input. It is reported that a flaw exists in this program that allows a malicious user to read files outside of the permitted directory structure. By using directory traversal sequences (i.e. '/../', '..') or specifying a filename, an attacker can obtain files that may contain potentially sensitive information.
Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. When Apache Tomcat is installed with a default configuration, several example files are also installed. When some of these example files are requested without any input, they will return an error containing the absolute path to the server's web root. The attacker can submit a request in one of the following formats: http://webserver/test/jsp/pageInfo.jsp, http://webserver/test/jsp/pageImport2.jsp, http://webserver/test/jsp/buffer1.jsp, http://webserver/test/jsp/buffer2.jsp, http://webserver/test/jsp/buffer3.jsp, http://webserver/test/jsp/buffer4.jsp, http://webserver/test/jsp/comments.jsp, http://webserver/test/jsp/extends1.jsp, http://webserver/test/jsp/extends2.jsp, http://webserver/test/jsp/pageAutoFlush.jsp, http://webserver/test/jsp/pageDouble.jsp, http://webserver/test/jsp/pageExtends.jsp, http://webserver/test/jsp/pageInvalid.jsp, http://webserver/test/jsp/pageIsErrorPage.jsp, http://webserver/test/jsp/pageIsThreadSafe.jsp, http://webserver/test/jsp/pageLanguage.jsp, http://webserver/test/jsp/pageSession.jsp, http://webserver/test/jsp/declaration/IntegerOverflow.jsp.
A vulnerability has been reported in the scoadmin utility that may allow a local attacker to overwrite any file. The vulnerability is due to the predictable naming of temporary files used by scoadmin. When scoadmin writes to a temporary file, there are no checks to ensure that the file does not already exist. Symbolic links will also be followed. This behaviour may be exploited by local attackers to corrupt arbitrary files.
Netscape Enterprise Web Server for Netware contains several sample files which leak system information that can be obtained by remote users. An attacker is able to send a request for an affected sample file that will cause the host to disclose the location of the web root path. Certain sample files will also reveal detailed system-specific information.