PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems. PostBoard does not sanitize code submitted to the site between IMG tags. As a result, a malicious user may be able to submit a post to the site with script code between two IMG tags. The following code is a proof of concept: [IMG]javascript:alert('give me cookies');[/IMG]
IcrediBB does not adequately filter script code from forum message form fields. This may enable an attacker to inject malicious script code into forum messages. An attacker who exploits this may be able to hijack web content or steal cookie-based authentication credentials. Post a message with the following text in the subject or message body: <script>alert('Cross Site Scripting possible');</script>
It is possible for a remote user to upload files to world-writeable directories and to execute commands from those directories. In doing so, a user may be able to upload a script and execute it to gain access to a regular shell on the system. This would allow the user unrestricted but unprivileged access.
PVote is a web voting system written in PHP. It is possible to change the administrative password by submitting a malicious web request containing the appropriate values for the URL parameters. No authentication credentials are required.
Sambar Server is vulnerable to a script source code disclosure vulnerability. By submitting a request for a known script file along with a space and null character (%00), an attacker can bypass the server-side URL parsing and view the source code of the script.
Submitting malformed data to port 445 could cause the Lanman service to consume large amounts of CPU time and kernel-mode memory.
An issue has been reported that could allow an AIM user to save files to arbitrary locations. Reportedly, this is achievable when a direct connection is made between two AIM users. Files that are sent to a user include an img tag and a data tag. When a file is sent, the recipient's client automatically executes it. When the client executes the file, a file is created in the Windows temp directory and is read directly from there. It is possible for a user to modify the file in such a way that it will be created in a specific target directory. This is accomplished by including '..' character sequences in the SRC parameter of the img tag. In addition, the img tag can be modified so that the icon does not appear in the recipient's client.
Microsoft IIS 5.0 ships with a sample script that may be used to view the source code of other scripts in the sample scripts (/IISSAMPLES) directory. However, this script (CodeBrws.asp) does not adequately filter Unicode representations of directory traversal sequences. For example, an attacker can break out of the sample script directory by substituting '%c0%ae%c0%ae' for '..' in a dot-dot-slash directory traversal attack. It has been demonstrated that this issue may be exploited to map out the directory structure of the filesystem on a host running the vulnerable script.
A vulnerability has been reported in some versions of PureSecure, where user-supplied input is used to construct a SQL statement, allowing SQL injection attacks. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, such as the one shown above. This can allow an attacker to gain administrative access to the server.