Blahz-DNS is a web-based management tool for DNS information implemented in PHP and available for Linux systems. By directly calling scripts included with Blahz-DNS, it is possible to bypass the authentication check, gaining full access to the Blahz-DNS tool.
A vulnerability has been reported in some versions of DNSTools which allows any remote attacker to gain administrative access. An artificially constructed URL may define variables used to track user authentication and administrative access.
Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems. Access to the 'add.php3' script does not require authentication. It is possible for a remote attacker to manipulate URL parameters of this script and change banner advertisement content.
Ultimate PHP Board (UPB) is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Ultimate PHP Board does not filter script code from image tags. This may allow an attacker to include script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running UPB. It may be possible to inject script code into other UPB-Code formatting tags, though this has not been confirmed.
Cross Site Scripting (XSS) issues have been reported in some versions of thttpd. thttpd fails to check URLs for the presence of script commands when generating error pages, allowing attacker-supplied code to execute within the context of the hosted site.
PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. Some of the PHProjekt scripts are only intended to be accessed by users who have been authenticated. However, it has been reported that it is possible for an unauthenticated attacker to access these scripts via a specially crafted web request. An attacker can access the script by appending an extraneous string to the URL, such as http://www.somehost.com/phprojekt/mail/mail_send.php/sms, where the extraneous “sms” is included to be passed to the $PHP_SELF variable as part of the PATH_INFO. This causes PHProjekt to behave as though the attacker accessing the script is logged on to PHProjekt as a legitimate user.
Sudo is vulnerable to a heap overflow condition related to its customizable password prompt feature. The nature of the sudo utility requires that it be installed setuid root. Successful exploitation may allow for local attackers to gain root privileges. The vulnerability is caused by the author forgetting to reset the lastchar variable in the second loop of the expand_prompt() function in the check.c file. This can be exploited by an attacker to overflow the new_prompt buffer, depending on the length of the username or hostname. The overflow can be transformed into a one-byte heap overflow, which can be used to overwrite the effective uid of the process.
A denial of service issue has been reported in Microsoft Outlook Express. Reportedly, Outlook Express does not adequately handle unusually crafted HTML mail messages. Modifying the BGSOUND or IFRAME tag to contain a URL pointing to a DOS device could cause Outlook Express to stop responding. Under certain circumstances this issue may cause the system to consume CPU time. Varying results have been reported when data is sent directly to a device, such as a denial of service, hardware failure, information disclosure or unauthorized device access.
It is possible for a malicious web page using JavaScript to crash the browser process. Under Windows 95 and 98, this may impact the underlying operating system as well. This behavior can be caused by the indirect recursive calling of an onError event which redefines an invalid source to an image tag.
CSMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script, where configuration values used by the script are contained in hidden form values. As a result, a remote attacker may trivially modify these values between script invocations, allowing them to execute arbitrary commands on the vulnerable system.