xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. xNewsletter does not sanitize dangerous characters from form field input such as the e-mail address of the newsletter recipient. It has been demonstrated that this condition may be exploited to cause multiple instances of the same e-mail address to be written to the datafile. An attacker may effectively trick the script into mail bombing an arbitrary e-mail address. It has also been demonstrated that the attacker may cause arbitrary data to be written to the datafile in such a way that it cannot be removed using the facilities provided by xNewsletter. The malformed data must be removed from the datafile manually. These two consequences of insufficient validation of form input may be exploited in conjunction with each other.
xGB is guestbook software written in PHP and running on most Unix and Linux variants as well as Microsoft Windows operating systems. It does not sufficiently validate input that is supplied via form fields, allowing an attacker to inject arbitrary PHP code into form fields. By inserting the code "<?php echo"delete datafile";?>" into a field such as "Ihr Name", "Ihre eMail", "Homepage-Name" or "Homepage-URL" and then submitting the form twice, the datafile can be deleted and only the last message is saved in it.
xGB is vulnerable to Cross-Site Scripting (XSS) attacks due to a lack of input validation. An attacker can inject malicious JavaScript code into the guestbook entries, which will be executed when a user views the guestbook.
An attacker may allegedly create a malicious link which is capable of causing actions to be performed on behalf of a legitimate Burning Board user who visits the link. To exploit this vulnerability, the attacker must manipulate URL parameters in the malicious link in such a way as to cause the desired actions to be performed by a user who visits the link. The legitimate forum user must also be authenticated via a cookie-based authentication credential. The malicious link may include BBCode.
Due to inadequate bounds checking in Melange, it is possible for users to initiate a buffer overflow. Submitting an unusually large /yell argument composed of arbitrary data could cause the overflow to occur.
The Nortel CVX 1800 Multi-Service Access Switch contains a default SNMP community string of "public", which may enable a remote attacker to gain access to sensitive information such as authentication credentials for local accounts on the device, network infrastructure information, etc.
A vulnerability has been reported in some versions of Internet Explorer. It is possible to inject JavaScript code into the browser history list, and execute it within any page context given appropriate user interaction. Internet Explorer stores javascript: URLs in the browser history list. Script executed within the javascript: URL will inherit the security zone of the last viewed page. This provides protection against javascript: URLs included within a maliciously constructed web page. However, a user may navigate to a javascript: URL using the 'Back' button in their browser. This may result in the injected script code executing within the context of another page.
Multiple vulnerabilities have been reported in two components of INN, inews and rnews. Reportedly, both are vulnerable to locally exploitable format string problems. On some systems these binaries may be installed suid root or sgid news, allowing a local attacker to gain elevated privileges.
OpenBSD ships with a number of cron jobs configured by default. The tasks are for the purpose of summarizing system information. The mail(1) utility is used to send the summaries to the root user. This utility supports escaped characters in message text indicating commands to be executed during processing. If attacker-supplied data can be included in the message text passed to mail(1), commands specified by the attacker may be executed as root. If the attacker embeds the escape sequence followed by an arbitrary command in this data, the commands will be executed as root when the cron task runs. It is possible for an attacker to embed data in filenames, which are included in the emails.
The HTTP Error Page created by IIS may, under some circumstances, contain HTML content which includes unsanitized user-supplied input. An attacker may construct a link to a vulnerable server such that it exploits this vulnerability. When an innocent user follows this link, the script code will be reproduced by the server, and execute within the context of the vulnerable site. This may result in the exposure of sensitive data and cookie information, or allow the attacker to subvert the content and functionality of the site.