Explore Vulnerabilities

Explore all Exploits:

McKesson Pathways Homecare Weak Encryption Vulnerability

McKesson Pathways Homecare is a client/server application which is used to track patient information, billing information and medical records for home care patients. The administrative username and password are encrypted in the pwhc.ini file on the client system. The encryption method used to store these is very weak and can be easily reversed. For the SQL server account, a Perl script can be used to decrypt the credentials, while for the Visual Basic client, a SQL query can be used.

Denial of Service Attack Exploiting IKE/ISAKMP Vulnerability in Windows 2000

An issue exists in IKE which could cause a Windows 2000 host to stop responding. Connecting to port 500 and submitting a continuous stream of arbitrary packets will cause the CPU utilization to spike to approximately 100%. It should be noted that this vulnerability may be due to an underlying issue with the UDP protocol.

Red Faction Denial of Service

Red Faction is a commercial 3D first-person shooter game developed by Volition and published by THQ. It allows up to 32 players to play across a LAN or TCP/IP. Both the Red Faction Game Server and the client communicate on port 7755 by default. If UDP packets are sent to the port Red Faction is listening on, this will cause both the Game Server and the client to crash. Running nmap with the -sU flag against the port Red Faction is listening on is sufficient to crash the game.

Bypassing Packet Filtering in Personal Firewalls

Due to a common design error, it may be possible for outbound packets to bypass packet filtering in many personal firewalls. Many of these applications only block packets created by the standard Windows protocol adapter. It is possible for a user with administrative privileges to create packets with other protocol adapters that are not evaluated against the personal firewall rules when transmitted. Exploitation will result in a violation of security policy. Tiny Personal Firewall, ZoneAlarm and ZoneAlarm Pro are confirmed vulnerable. It is believed that other applications similar in design may also be vulnerable.

PHPNuke Cross-Site Scripting Vulnerabilities

PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page, 'user.php', which contains malicious script code. When the link is clicked by an unsuspecting web user, the malicious script code will be executed in the user's browser in the context of the site running PHPNuke. This attack may be used to steal a user's cookie-based authentication credentials for the vulnerable PHPNuke site. PostNuke is also affected by a number of these issues. This problem has also been reported with other scripts included in the PHPNuke package. More specifically, modules.php, upload.php, friend.php and submit.php are also vulnerable under some circumstances. Different parameters to the user.php script may also be sufficient for a cross-site scripting attack. An additional cross-site scripting vulnerability has been reported in modules.php for PostNuke. It has been reported that the cross-site scripting issue affecting the 'ttitle' parameter of the 'modules.php' script has been re-introduced in newer versions of the PHPNuke application. This issue is reported to affect versions 7.2 and prior.

Spoofing File Extensions in Internet Explorer

It is possible for a malicious webmaster, hosting files on a website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt file (or other seemingly harmless file type) in the Download dialog. When a certain string of characters is included between the filename and the actual file extension, IE will display the specified misleading file extension type. The end result is that a malicious webmaster is able to entice a user to open or save arbitrary files to their local system.

PowerFTP Server v2.03 Denial of Service Vulnerability

Multiple instances of denial of service vulnerabilities exist in PowerFTP's FTP daemon. This is achieved by connecting to a vulnerable host and submitting an unusually long string of arbitrary characters. It has been reported that this issue may also be triggered by issuing an excessively long FTP command of 2050 bytes or more.

Wu-Ftpd Heap-Corruption Vulnerability

Wu-Ftpd is an FTP server based on the BSD 'ftpd' that is maintained by Washington University. Wu-Ftpd allows clients to organize files for FTP actions based on 'file globbing' patterns. The implementation of file globbing included in Wu-Ftpd contains a heap-corruption vulnerability that may allow an attacker to execute arbitrary code on a server remotely.

Recent Exploits: