Explore all Exploits:

Informix Web Datablade Module Directory Traversal Vulnerability

The Web Datablade Module for Informix SQL is prone to a directory traversal vulnerability. A remote attacker who submits a specially crafted web request containing dot-dot-slash (../) sequences may be able to break out of wwwroot and browse arbitrary web-readable files on a vulnerable host. This issue is known to occur when large object caching is enabled, which sets cache_directory as a web driver variable. It occurs independently of the web server that is being used.

Bharat Mediratta Gallery Arbitrary File Viewing Vulnerability

Bharat Mediratta Gallery is a free, open source web-based photo album which may be used as an add-on for the PHPNuke web portal. Due to insufficient validation of user-supplied input, it is possible to view arbitrary web-readable files via a specially crafted web request which contains '../' sequences. This issue may allow a remote attacker to gather sensitive information which may be used in directed and organized attacks against a host running the Gallery software.

Opera Cross-Domain Script Execution Vulnerability

Opera is prone to an issue which may allow for the execution of script code across domains, allowing for circumvention of the web browser's security model. It is possible to construct malicious script code on a webpage, which when executed by Opera web browser, is able to affect another domain. In short, Opera does not properly implement the 'Same Origin Policy' enforced by other browsers. The danger is that one website may be able to access the cookie-based authentication credentials of another website.

Network Tool PHPNuke Addon Arbitrary Command Execution Vulnerability

Network Tool is a PHPNuke addon, written and maintained by Rick Fournier. It is designed to offer network features such as nmap, traceroute, and ping from a web interface. A problem with the package has been discovered that could allow remote users to gain arbitrary access to restricted resources. The problem is in the filtering of metacharacters by the interface. A command passed to the modules in the suite could be encapsulated in metacharacters, and would result in the command being executed on the system with the permissions of the httpd process. This makes it possible for a remote user to execute arbitrary commands, and potentially gain access to a vulnerable host. Asking the PHP script to ping, nmap, or traceroute an address of the form <www.somehost.com;ls -al> will allow any user to run the 'ls -al' command as whatever user runs the web server.

ActivePerl ISAPI Buffer Overflow Vulnerability

ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems developed by ActiveState. ActivePerl allows for high-performance integration with IIS using a DLL called 'perlIIS.dll' to handle a '.plx' ISAPI extension. perlIIS.dll contains a remotely exploitable buffer overflow vulnerability in handling of the URL string. It is due to an unbounded string copy operation. All versions of ActivePerl prior to build 630 of ActivePerl 5.6.1 are believed to be vulnerable. This vulnerability requires that the option 'Check that file exists' be disabled. This option is enabled by default. Exploitation of this vulnerability may allow for remote attackers to gain access to the target server.

ActivePerl 5.6.1.629 Buffer Overflow Vulnerability

ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems developed by ActiveState. ActivePerl allows for high-performance integration with IIS using a DLL called 'perlIIS.dll' to handle a '.plx' ISAPI extension. perlIIS.dll contains a remotely exploitable buffer overflow vulnerability in handling of the URL string. It is due to an unbounded string copy operation. All versions of ActivePerl prior to build 630 of ActivePerl 5.6.1 are believed to be vulnerable. This vulnerability requires that the option 'Check that file exists' be disabled. This option is enabled by default. Exploitation of this vulnerability may allow for remote attackers to gain access to the target server.

Horde IMP Encoded HTML Tags Vulnerability

Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to construct a link which when clicked will cause arbitrary script code to be executed in the browser of an unsuspecting user in the context of a site running Horde IMP. As a result, it has been proven that this issue can be exploited to steal a legitimate user's cookie-based authentication credentials and gain unauthorized access to that user's webmail account.

Rational ClearCase TERM Environment Variable Buffer Overflow Exploit

A problem with the Rational ClearCase software change management package could lead to a local user gaining elevated privileges. The problem is in the handling of environment variables by db_loader. db_loader does not correctly handle input from a user's TERM environment variable, making it possible for a local user to execute arbitrary code when 550 bytes of data is placed in TERM. Since the db_loader program is setuid root, this problem can result in a local user gaining administrative access on a vulnerable system.

IBM-HTTP-Server View Code

Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially crafted web request which will display script source code. If a '/' is appended to the end of a request for an existing script, then this will cause the script's source code to be displayed. There is a potential that this issue may result in sensitive information being disclosed to attackers, depending on the contents of the script source code.

Internet Explorer Cross-Site Scripting Vulnerability

Internet Explorer contains a vulnerability that could allow an attacker to construct a URL that would display or modify the cookie information associated with an arbitrary website. If a URL is composed in the about: protocol referencing a website, JavaScript embedded in the URL can access any cookies associated with that website via 'document.cookie'. The JavaScript executes because of a cross-site scripting condition in the about: protocol.
