Explore Vulnerabilities

IDS Information Disclosure Exploit

IDS (Image Display System) is a web-based photo album application written in Perl. This vulnerability allows attackers to confirm the existence and location of various directories residing on the IDS host. This is accomplished when a request for a directory and album name is sent to the host containing numerous '../' character sequences. The error page returned indicates to the attacker whether the specified path is a valid directory or not.

phpBB2 Forum Message Injection Vulnerability

It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A double-quotation (") character may be used to close the HTML statement that is created when the BBCode is translated. The attacker may then include arbitrary HTML after the double-quotation. The attacker may exploit this issue to inject script code into forum messages. When such messages are displayed by a web user, the attacker's script code will execute in their browser in the context of the website.

HTML Help ActiveX Control Vulnerability

A remotely exploitable issue has been reported in the WinHlp facility. The software fails to perform sufficient boundary checks of the Item parameter in the WinHlp command. This issue resides in Winhlp32.exe. An attacker can exploit this condition by embedding a call to the vulnerable ActiveX control in a malicious webpage or HTML email. If successful, the attacker may be able to execute arbitrary code on the client system as the Internet Explorer user.

Yahoo! Messenger 'call' Argument Stack Overrun Vulnerability

Yahoo! Messenger configures the 'ymsgr:' URI handler when it is installed. The handler invokes YPAGER.EXE with the supplied parameters. YPAGER.EXE accepts the 'call' argument; it is used for starting the 'Call Center' feature. There is a stack overrun condition in the 'Call Center' component that may be exploited through a specially constructed URI. It has been reported that the stack frame of the affected function will be corrupted if the argument to the 'call' parameter passed to YPAGER.EXE is of 268 bytes or greater in length. Attackers may exploit this vulnerability to execute arbitrary code.

Opera 6.01/6.02 File Upload Vulnerability

A vulnerability has been reported in Opera 6.01/6.02. The vulnerability is related to handling of the 'file' HTML input type. It is possible for a server to set the file value while fooling Opera into thinking no file has been specified. This is possible if the filename is appended with a string containing an HTML-encoded newline character. This newline causes the browser to believe that no value has been set. Consequently, the form will be submitted and the specified file will be uploaded to the server. This may occur without the knowledge or consent of the victim user. Exploitation of this vulnerability allows malicious webmasters to obtain arbitrary files from client systems.

PGP Public Key Server Buffer Overflow Vulnerability

The PGP Public Key Server does not properly handle long search strings. Under some conditions, it may be possible to pass a long string to the server that could result in a buffer overflow. This may result in the overwriting of stack variables, including the return address. It should be noted that this vulnerability would be difficult to exploit, as client data is passed through isalnum() and tolower().

Microsoft MSN Messenger Invite Request Vulnerability

A vulnerability has been reported in some versions of MSN Messenger. Under some circumstances, it may be possible to crash the client when it receives a malformed invite request. By including a number of HTML-encoded space characters (%20) in the Invitation-Cookie field, and sending the header to a remote user, it is reportedly possible to crash a remote user's client.

OpenBB Unauthorized Access Vulnerability

OpenBB contains an unauthorized access vulnerability that allows an attacker to gain moderator or administrative access to forums. The attacker can use the 'action=lock' parameter in the URL to lock the forum, or use 'action=sticky' or 'action=important' to make the forum sticky or important.

FreeBSD Sendmail DoS shellcode

Sendmail is an MTA for Unix and Linux variants. There is a vulnerability in Sendmail that leads to a denial of service condition. The vulnerability occurs when a malicious user acquires an exclusive lock on files that Sendmail requires for operation. This exploit is a shellcode that locks /etc/mail/aliases.db.
