It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the webserver, such as the admin folder, which contains the administrative interface. It should be noted that this vulnerability may only be exploited to access password-protected files in sub-folders of wwwroot.
X-Chat is a graphical client for IRC. It requires the GTK+ toolkit, and is available for many Linux and Unix operating systems. If a CTCP ping request includes escaped newline characters and additional IRC commands, these commands may be executed by the vulnerable client. It is possible to gain operator status in channels owned by the vulnerable user, or to use their identity to initiate social engineering attacks.
UBB is prone to cross-agent scripting attacks via the insertion of HTML tags into image links in messages. Due to insufficient input validation, it is possible to insert arbitrary script code in forum messages/replies. The malicious script code will be executed in the browser of the user viewing the message, in the context of the site running UBB. This makes it possible for a malicious user to post a message which is capable of stealing another legitimate user's cookie-based authentication credentials.
YaBB is prone to cross-agent scripting attacks via the insertion of HTML tags into image links in messages. Due to insufficient input validation, it is possible to insert arbitrary script code in forum messages/replies. The malicious script code will be executed in the browser of the user viewing the message, in the context of the site running YaBB. This makes it possible for a malicious user to post a message which is capable of stealing another legitimate user's cookie-based authentication credentials.
A problem with file format handling may make it possible to remotely crash RealPlayer. The problem could also potentially result in code execution. Upon receiving a file with a malformed header, it is possible to crash the RealPlayer client. A file that specifies a content length greater than the actual size creates a circumstance where RealPlayer reacts unpredictably and becomes unstable. This usually results in RealPlayer crashing. This problem may also make it possible to execute arbitrary code.
It is possible for a malicious user to create a link to the phptonuke.php script which contains script code. When an unsuspecting web user browses the link, the script code will be executed in their browser in the context of the PHPNuke site. This type of attack may be used to hijack a legitimate user's session via theft of cookie-based authentication credentials.
An issue has been reported which could allow a user to execute arbitrary code on a Boozt! host. This is achievable when a Boozt! user attempts to create a new banner: if the name field is specified with arbitrary characters of excessive length, a buffer overflow occurs.
A vulnerability exists in the suggested default configuration for the Apache PHP.EXE binary on Microsoft Windows platforms. This issue has the potential to disclose the contents of arbitrary files to remote attackers. As a result, it is possible for an attacker to append a filepath to the end of a web request for php.exe. Files targeted in this manner will be served to the attacker. It is also possible to run executables in the PHP directory via successful exploitation of this vulnerability.
VitalNet, part of Lucent's VitalSuite SP product family, contains a flaw in its cookie-based authentication mechanism. An attacker who successfully guesses a correct username can gain access to the server without need of a valid password. This is done by sending a specially crafted HTTP request to the server, such as http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name>.
When a script is executed that opens a file that does not exist, awhttpd still attempts to open the file. When awhttpd attempts to close the non-existing file following the completion of the script, it becomes unstable and crashes, resulting in a denial of service.