Portix-PHP is prone to directory traversal attacks. The script view.php does not sufficiently filter '../' sequences from web requests, making it possible for an attacker to browse the filesystem of the host running the vulnerable software. Arbitrary web-readable files may be viewed by an attacker. Successful exploitation may cause sensitive information to be disclosed to the attacker. Information gathered in this manner may be used to aid in further attacks against the host.
A vulnerability in TEXIS allows an attacker to view the full path to the web root. If the attacker submits an HTTP request for an invalid path, the server will return an error page containing the path to the web root. System information may also be revealed.
ICQ For MacOS X is a port of the popular Mirabilis ICQ client to the Apple MacOS X platform. It is possible to cause MacOS X ICQ clients to crash by sending an excessively long request (19000+ characters). MacOS X ICQ clients normally bind to ports 49152 and 49159. The crash is likely due to an unchecked buffer of some sort, so the possibility of exploiting this condition to execute arbitrary attacker-supplied instructions does exist, though this possibility has not been confirmed.
A remotely exploitable buffer overflow condition has been discovered in mIRC. This issue is due to improper bounds checking of nicknames sent by the server. An excessively long nickname (200+) is capable of overwriting stack variables. This may be exploited by a malicious server. This issue is also exploitable via a webpage that can instruct the client to launch and to make a connection to the malicious server.
A problem has been discovered that may allow an attacker to bypass the restrictions of PHP's 'safe_mode' feature to gain unauthorized access to areas of the filesystem that are restricted when PHP 'safe_mode' is enabled. In particular, the MySQL client library that ships with PHP fails to properly honor 'safe_mode'. As a result, a user can issue a LOAD DATA statement to read files that reside in restricted areas of the filesystem (as determined by 'safe_mode').
FAQ-O-Matic does not sufficiently filter script code from URL parameters. It is possible to create a malicious link containing arbitrary script code. When a legitimate user browses the malicious link, the script code will be executed in the user's browser in the context of the website running FAQ-O-Matic. As a result, it may be possible for a remote attacker to steal cookie-based authentication credentials from a legitimate user of the service.
kicq 2.0.0b1 is an ICQ client for the K Desktop Environment (KDE). kicq can be crashed remotely by initiating a telnet connection to a port it is listening on and sending 'random' characters. This does not affect other components of the system, only the ICQ client.
It has been reported that Tru64 systems may be prone to a denial of service condition when handling malformed TCP packets. Specifically, when processing a malformed TCP packet with both the SYN and FIN flags set, vulnerable Tru64 systems may block indefinitely, thus causing a denial of service. As a result, other legitimate users may no longer be capable of accessing remote services.
Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers. Various Microsoft Site Server ASP pages are prone to cross-site scripting attacks. It is possible to create a malicious link to a vulnerable ASP page which contains arbitrary script code. Script code will be executed in the browser of a legitimate user who browses the link, in the context of the Microsoft Site Server site. The vulnerable pages require that the legitimate user authenticates before accessing them. At the very least this may provide an opportunity for an attacker to steal cookie-based authentication credentials from a legitimate Microsoft Site Server user. Default.asp and formslogin.asp are known to be prone to this issue. It has been reported that a number of other ASP pages are also affected.