An off-by-one error occurs in the channel code of some versions of OpenSSH. A malicious client may exploit this vulnerability by connecting to a vulnerable server. Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication.
Microsoft IIS supports Basic and NTLM authentication. Reportedly, the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also granted. When a valid authentication request is submitted for either method with an invalid username and password, an error message will be returned. This happens even if anonymous access to the requested resource is allowed. An attacker may be able to use this information to launch further, better-targeted attacks against the server, or to launch a brute-force password attack against a known username.
ReBB is web forum software which will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is written in PHP and can use a number of databases as its back end. ReBB allows users to include images in forum messages using image tags, with the following syntax: [img]url of image[/img]. It is possible to inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials.
BPM Studio Pro is a shareware MP3 mixer and player. It includes an HTTP server for managing the player via a web interface. The BPM Studio Pro HTTPD does not adequately filter dot-dot-slash (../) sequences from web requests. As a result, it is possible for a remote attacker to break out of wwwroot and browse the filesystem of the host. This may lead to disclosure of sensitive information, as the remote attacker may display arbitrary web-readable files.
An information disclosure vulnerability has been reported in some versions of xtell. When a message is sent to a user, the response generated by xtell states whether that user is currently logged on to the system. An attacker may be able to use this information to aid in additional attacks, or in social engineering attempts. It is possible to send a maliciously formatted message to xtell such that this information is disclosed, yet no message is displayed or logged. This may allow the attack to go undetected.
Multiple buffer overflow vulnerabilities have been reported in some versions of xtell. If long strings are received by the xtell client, stack memory will be overwritten. Exploitation of these vulnerabilities may result in arbitrary code being executed with the privileges of the xtell daemon. Overflow conditions may be triggered in three ways: by a malicious DNS server returning long strings in response to the reverse lookup performed when a message is received, through the auth string returned by the ident server, or by directly sending an overly long message to the vulnerable user.
Snitz Forums 2000 is vulnerable to script injection via the image tag. An attacker can inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials.
A problem occurs with The Bat! when it is configured to save attachments separately from the body of a message. It is possible to include an MS-DOS device name (such as CON, AUX, PRN, etc.) in the filename of the attachment to cause a denial of service to an e-mail client with this configuration.
A vulnerability has been reported in the FTP server included with Worldgroup. If a LIST command is received by the server including a long string of '*/../' characters, the server may halt. A restart may be required in order to regain normal functionality.
It is possible to inject arbitrary script code into forum messages via image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials.
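The [img] tag injection described in the ReBB, Snitz Forums 2000 and unnamed-forum entries above comes from dropping the user-supplied URL straight into an HTML attribute. The following is an added illustration, not code from any of those products, that contrasts a naive BBCode-to-HTML renderer with a hardened one that only accepts http/https URLs with a host and escapes everything it emits; the tag regex, function names and sample messages are constructed for this example.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical BBCode image tag: [img]url[/img] (case-insensitive).
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

def render_img_unsafe(text: str) -> str:
    """Naive renderer: the URL lands unescaped inside the src attribute,
    so a closing quote or a javascript: URL becomes active markup."""
    return IMG_TAG.sub(lambda m: f'<img src="{m.group(1)}">', text)

ALLOWED_SCHEMES = {"http", "https"}

def safe_img_src(raw: str) -> Optional[str]:
    """Return the URL if it is an absolute http/https URL with a host
    and no whitespace or control characters; otherwise None."""
    url = raw.strip()
    if not url or any(c.isspace() or ord(c) < 0x20 for c in url):
        return None
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url

def render_img_safe(text: str) -> str:
    """Hardened renderer: escape all surrounding text, emit an <img> only
    for validated URLs, and show rejected tags as literal text."""
    out = []
    # re.split with one capturing group alternates text, url, text, url, ...
    for i, part in enumerate(IMG_TAG.split(text)):
        if i % 2 == 0:
            out.append(html.escape(part))
            continue
        src = safe_img_src(part)
        if src is None:
            out.append(html.escape(f"[img]{part}[/img]"))
        else:
            out.append(f'<img src="{html.escape(src, quote=True)}">')
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample messages: one benign, two classic injection attempts.
    for msg in ("[img]http://example.com/a.png[/img]",
                "[img]javascript:alert(1)[/img]",
                '[img]x" onerror="alert(1)[/img]'):
        print(render_img_unsafe(msg), "|", render_img_safe(msg))
```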