
Explore Vulnerabilities


Explore all Exploits:

In FreeBSD, setting kern.ps_showallprocs=0 via the sysctl call is meant to prevent normal users from seeing any running processes that they do not own.

The current implementation of this feature fails to protect system process information. It is still possible to obtain a list of processes from a procfs filesystem, or by specifying certain options to the 'ps' command. The exploit code provided in the text can be used to list all the processes running on the system.

Phorum GLOBALS Parameter XSS Vulnerability

Phorum is a PHP-based web forums package designed for most UNIX variants, Linux, and Microsoft Windows operating systems. The 'header.php' and 'footer.php' components of Phorum do not sanitize the client-supplied value of the 'GLOBALS' parameter prior to output. As a result, script commands embedded in these variables will be executed by the client in the context of Phorum. Attackers may exploit this vulnerability to obtain user credentials.

Phorum Remote Code Execution Vulnerability

Phorum is vulnerable to remote code execution due to improper input validation in the 'plugin.php', 'admin.php' and 'del.php' files. An attacker can specify the location of a parameter to the vulnerable PHP files by passing an argument via URL to the PHP files.

grsecurity write() system call vulnerability

An attacker with root access may be able to write to kernel memory in spite of the security patch provided by grsecurity. The patch operates by redirecting the write() system call, when it is being used to write to a memory device. Unfortunately, there are other methods that can be used to write to kernel memory (such as mapping the device to memory using mmap()).

Hosting Controller Import Root Directory Authentication Bypass Vulnerability

Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The Import Root Directory (imp_rootdir.asp) script does not force an authentication challenge when accessed, and allows users to perform actions on files and directories below the Hosting Controller administrative root. It is possible to manipulate URL parameters to change the root directory to another arbitrary directory on the system (such as C:). This may enable a remote attacker to execute arbitrary commands on the underlying system, eventually leading to a full compromise.

IDS Device Manager Directory Traversal

IDS Device Manager is a web interface to the Cisco IDS systems. It is distributed and maintained by Cisco Systems. Due to improper handling of user-supplied input, it is possible for a user to gain access to arbitrary files on the system using an elementary directory traversal attack. By placing a request to the process, with an appended dot-dot-slash (../) tag pointing to a file, a remote user may read the specified file on the affected system.

Pseudo-frames Remote File Include Vulnerability

Pseudo-frames is an application written in PHP and is maintained by Clicky Web. It permits remote file inclusion, allowing a remote attacker to include an arbitrary file located on a remote host. If this file is a PHP script, it will be executed on the host running the vulnerable software.

Sonicwall SOHO3 Script Injection Vulnerability

The Sonicwall SOHO3 is an Internet security appliance that provides firewall security solutions. Reportedly, a vulnerability exists in the product that allows for a script injection attack to be launched from a malicious user within the internal LAN. It is possible to configure Sonicwall to block domains from a list of user-entered domains. Sonicwall will deny local users access to the websites that have been blocked. A malicious user may be able to inject script code as part of a URL of a blocked domain. Attempts to access blocked domains will be entered into the log files of Sonicwall. An administrator viewing the log files will automatically cause the malicious script code to execute. If the attacker's script code is injected into the log file, then the administrator will not be able to access the log normally. To regain access to the logs, the appliance will need to be rebooted. It should be noted that rebooting the appliance will cause the logs to be cleared and will effectively eliminate any indication in the logs of which user initiated the attack. It is possible for a malicious remote user to exploit this issue by crafting a URL of a known blocked domain that includes script code, and enticing a local user into following the link.

Microsoft Internet Explorer Conflicting HTTP Headers Vulnerability

An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in the content-type and content-disposition headers. Under some circumstances, the result may be that IE will automatically download and execute attacker-supplied programs. It has been demonstrated that this vulnerability can be exploited when Windows Media Player 6.4 or 7.1 is installed on the system. This vulnerability may also be exploited through HTML-formatted email.
