A vulnerability has been reported in some versions of the Quake II server. While variable expansion is normally performed on the client side, a modified client may pass unexpanded variables such as $rcon_password to the server. The server will expand these variables within its local context, potentially leaking sensitive information to the remote attacker.
NOCC webmail is vulnerable to script injection attacks, which allow malicious attackers to include script code in an email and potentially gain full access to a victim's mailbox. An example of such an attack is the use of a <script> tag to display the victim's session ID.
XMB Forum 1.6 Magic Lantern allows remote users to conduct activities in the forum while bypassing normal logging functions. This is accomplished by submitting an arbitrary string as the 'analized' variable to index.php. Log information is written only if this variable is empty, so submitting a string to it bypasses the logging. In addition, log files (index_log.log and cplogfile.log) may be written with improper permissions, allowing users to retrieve them with a browser.
XMB Forum 1.6 Magic Lantern is vulnerable to a number of cross-site scripting issues because of improper filtering of user input. The first involves 'member.php'; submitting script to the variable 'member' in the context of 'action=viewpro' (profile viewing) will cause that script to be returned as an error message. The second involves the 'MSN' information field of a user profile; a registered user can submit script to this field without it being filtered. The third issue can be exploited by submitting a '<script>' tag encoded as '%253Cscript%253E' (note that the percent sign is encoded as '%25', and '3C' and '3E' are the '<' and '>' brackets) to the username variable in the context of 'action=reg' to 'member.php'.
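The double-encoded '%253Cscript%253E' value described above, as an added example that is not XMB's code: it shows why a bracket check on the once-decoded value passes, and one way to canonicalize and escape instead. The function names, the decode limit and the assumption that the application decodes the value a second time after filtering are illustrative, not taken from the advisory.

```python
import html
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: values still changing after this many decodes are rejected


def naive_filter(value: str) -> bool:
    """Return True if a filter that only looks for literal brackets would accept the value."""
    return "<" not in value and ">" not in value


def canonicalize(value: str, max_rounds: int = MAX_ROUNDS) -> str:
    """Percent-decode repeatedly until the value stops changing (a fixed point)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many layers of percent-encoding")


def render_username(raw_param: str) -> str:
    """Canonicalize the parameter, then HTML-escape it at the point of output."""
    return html.escape(canonicalize(raw_param), quote=True)


# Constructed sample: the username value from the text as it appears in the request.
WIRE = "%253Cscript%253E"
# The web server's normal single decode turns '%25' into '%'.
AFTER_SERVER_DECODE = unquote(WIRE)            # '%3Cscript%3E'
# Assumed second decode inside the application, after the filter has run.
AFTER_SECOND_DECODE = unquote(AFTER_SERVER_DECODE)

if __name__ == "__main__":
    print("filter sees      :", AFTER_SERVER_DECODE, "accepted =", naive_filter(AFTER_SERVER_DECODE))
    print("application sees :", AFTER_SECOND_DECODE)
    print("hardened output  :", render_username(WIRE))
```

Escaping at output is what neutralizes the value; canonicalizing first only ensures that any validation or logging is done on the same string the page will eventually contain.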
SGDynamo is a web application engine for Microsoft Windows operating systems. Script code is not filtered from URL parameters that are used as output by the SGDynamo program. This may enable an attacker to inject script code into a malicious link to the program. The script code will be executed in the browser of a user who visits the link, in the context of the site running the program. This may enable the attacker to steal cookie-based authentication credentials from legitimate users.
InJoin Directory is provided for Microsoft Windows operating systems and Unix variants. HTML code is not filtered from URL parameters that are used as output in the web-based administrative interface. This enables an attacker to inject malicious script code into a link to the administrative interface. When this link is visited by an authenticated administrative user, the attacker's script code will be executed in the browser of that user, in the security context of the site running the interface. Successful exploitation may allow the attacker to steal cookie-based authentication credentials from the administrative user.
Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition.
A vulnerability exists in the Cisco ATA-186 Analog Telephone Adapter which allows an attacker to gain access to sensitive configuration information, including the password to the administrative web interface. This is achieved by sending an HTTP request consisting of a single character to the device.
A remote format string vulnerability has been reported in multiple versions of the DHCPD server. User-supplied data is logged in an unsafe fashion. Exploitation of this vulnerability may result in arbitrary code being executed by the DHCP server, which generally runs as the root user.
It may be possible for a remote user to take advantage of a buffer overflow in the MDaemon software package. The WorldClient.cgi program packaged with MDaemon does not properly check bounds on user-supplied data. During the process of creating a folder with a long name, it is possible to exploit a buffer overflow in the CGI that could result in the overwriting of process memory, and execution of attacker-supplied instructions.