
Explore Vulnerabilities


Explore all Exploits:

Heap Overflow in Active Server Pages related to Microsoft IIS

A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages has been reported for Microsoft IIS (Internet Information Services). This condition affects IIS 4.0 and IIS 5.0. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. Microsoft IIS 5.0 is reported to ship with a default script (iisstart.asp) which may be sufficient for a remote attacker to exploit. Other sample scripts may also be exploitable.

Abyss Web Server Path Disclosure Vulnerability

Abyss Web Server is vulnerable to a path disclosure vulnerability. A remote attacker can make a specially crafted web request containing encoded dot-dot-slash (../) sequences to disclose the contents of arbitrary web-readable files. This issue may be exploited by a remote attacker to gain access to the administrative configuration file for the web server.

Microsoft Internet Explorer, Outlook and Word Denial of Service Vulnerability

It is possible to misuse VBScript ActiveX Word objects to cause a denial of service to affected software. This is accomplished by creating an excessive number of Word objects. Even if the user chooses not to proceed, the ActiveX Word object is still loaded into memory an excessive number of times, resulting in a denial of service to the whole system.

PHPGroupWare Insecure Default Configuration

PHPGroupWare is a freely available, open source groupware system written in PHP. It is distributed and maintained by the PHPGroupWare project. Debian packages of PHPGroupWare ship with an insecure default configuration. The PHP magic_quotes_gpc directive of the PHPGroupWare apache.conf file is disabled by default in Debian packages. This may enable remote attackers to make SQL injection attacks via PHPGroupWare. Under normal circumstances, PHPGroupWare installs with the PHP magic_quotes_gpc directive enabled, to restrict the possibility of SQL injection attacks. Additionally, this issue may also enable an attacker to exploit vulnerabilities that may exist in the underlying database.

talkd does not perform adequate validation of users making talk requests

talkd is a client-server application shipped with many Unix and Linux variants that is used for communication between users locally or remotely. It does not perform adequate validation of users making talk requests, allowing an attacker to spoof users during a talk session. This problem is exploitable remotely or locally and may aid an attacker in social engineering attacks. A malicious version of the NetBSD talkd component was used to exploit this issue, so it can be assumed that NetBSD is affected by this issue. However, talkd ships as a core component for a number of Linux and Unix variants and is independently maintained by the various distributions, so it is highly probable that many other operating systems are affected by this vulnerability.

Icecast Buffer Overflow Vulnerability

Icecast does not properly check bounds on data sent from clients. Because of this, it is possible for a remote user to send an arbitrarily long string of data to the server, which could result in a stack overflow and the execution of user-supplied code. The code would be executed with the privileges of the Icecast server.

Oracle 8i Local Buffer Overflow Vulnerability

A vulnerability has been reported with some versions of Oracle 8i for Linux. A local attacker able to execute the tnslsnr process may pass an oversized command line parameter and cause a buffer overflow, possibly leading to the execution of arbitrary code as the user 'oracle'.

Cascading Style-Sheets (CSS) Interpreter for Microsoft Internet Explorer

It is possible to use the cssText property of the styleSheet to read portions of files that exist on an arbitrary web user's system. Successful exploitation will cause the CSS interpreter used by Internet Explorer to read portions of text if the targeted file contains a '{' character. An attacker may exploit this via a malicious webpage to disclose sensitive information contained in (almost) arbitrary files that exist on a web user's system.

Recent Exploits: