
Explore Vulnerabilities


Explore all Exploits:

BadBlue Directory Traversal Vulnerability

BadBlue is prone to directory traversal attacks. It is possible for a remote attacker to submit a malicious web request containing triple-dot-slash (.../) sequences to break out of wwwroot. The attacker may browse arbitrary web-readable files on the host running the vulnerable software. On Windows operating systems, webservers run in the SYSTEM context. A remote attacker may exploit this vulnerability to read any file on the host that will render in their web browser.

Term Local Buffer Overflow Vulnerability

Term is a commercially available software package for Unix and Linux operating systems. It is distributed and maintained by Century Software. Under some circumstances, it may be possible for a local user to execute arbitrary code. Term does not properly check bounds when receiving arguments via the tty option on the command line. As a result, it is possible for a local user to execute the callin and callout programs of Term, and overwrite process memory. This could result in the overwriting of stack variables, including the return address. The callin and callout programs are by default installed setuid root.

OpenBB Image Tag Script Injection Vulnerability

OpenBB is web forum software written in PHP. It is possible to inject arbitrary script code into forum messages via image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials.

PForum Cross-Site Scripting Vulnerability

PForum is web forum software, written in PHP and back-ended by MySQL. It is prone to cross-site scripting attacks. It is possible for an attacker to construct a malicious link which includes arbitrary script code. In particular, the username URL parameter does not filter variations of HTML tags. A legitimate user who browses the malicious link will have the attacker-supplied script code executed in their browser, in the context of the website running the vulnerable software. This may enable an attacker to steal cookie-based authentication credentials from the legitimate user.

Remote Buffer Overflow in Essentia Webserver

Essentia Web Server is a multi-threaded HTTP server designed for Microsoft Windows and Linux environments. Essentia is prone to a remote denial of service. This condition may be triggered by submitting an excessively long URL (2000+ bytes). Successful exploitation will deny service to legitimate users and will require that the webserver be restarted to regain normal functionality. This problem is due to a lack of bounds-checking on the length of URLs. Because of this, an attacker may also be able to exploit this condition to execute arbitrary code.

Buffer Overflow in Squid Proxy Server’s FTP URL Handling

A buffer overflow exists in the Squid proxy server's FTP URL handling. If a user has the ability to use the Squid process to proxy FTP requests, it may be possible for the user to make a malicious request. By sending a custom-crafted ftp:// URL through the Squid proxy, it is possible to crash the server, requiring manual restart to resume normal operation. This problem could also be exploited to allow the execution of code with the privileges of the Squid process, typically 'nobody'.

GNUJSP Directory Disclosure Vulnerability

GNUJSP is a freely available, open-source implementation of Sun's Java Server Pages. It has been reported that a remote attacker may disclose the contents of directories via a specially crafted web request. This may be exploited to list directories, read the contents of arbitrary web-readable files, and disclose script source code. The attacker simply appends the name of the directory and/or file to be disclosed to a web request for /servlets/gnujsp/.

Phusion Webserver Directory Traversal Vulnerability

Phusion Webserver is prone to directory traversal attacks. It is possible to break out of wwwroot using triple-dot-slash (.../) sequences containing HTTP-encoded variations of "/" and "". As a result

Recent Exploits: