PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and password without knowing the current one, by passing the proper arguments to the plusmail script. Once this has been done, the web console allows a range of potentially destructive activities, including changing e-mail aliases and mailing lists, editing web sites, and various other privileged tasks. The change is made by submitting the argument 'new_login' with the value 'reset password' to the plusmail script (typically /cgi-bin/plusmail). The other arguments the script expects are 'username', 'password' and 'password1', where 'username' is the new login name and 'password' and 'password1' contain matching values for the new password.
Perl Web Server, an experimental cross-platform web server project, does not prevent a remote user from requesting documents outside the ServerRoot (location of the virtual / directory). This means that if an attacker knows the location of a sensitive file relative to the ServerRoot, he can retrieve the contents of the file by making an HTTP request containing the relative path. To retrieve /etc/passwd from a vulnerable host, request: http://www.server.com/../../../../etc/passwd. The number of ../ path sequences needed depends on the ServerRoot setting.
Sendfile is an implementation of the SAFT (simple asynchronous file transfer) protocol for UNIX systems. Due to a problem dropping privileges completely before running user-specified post-processing commands in the Sendfile daemon, it may be possible for a local user to execute arbitrary commands with elevated privileges.
Invalid long strings submitted with either the 'RETR' or 'CWD' command to a host running the WFTPD server will cause the service to terminate due to a buffer overflow. It may be possible for an attacker to execute arbitrary code through this vulnerability. The problem exists due to the interaction between WFTPD.EXE and the Windows function call 'NTDLL.DLL:RtlFreeHeap()'.
Due to the improper handling of relative paths by the HTTP serving portion of the Viking Server, a user requesting a relative path such as "..." can gain access to the root directory.
Mercury MTA is a mail-transfer agent available for Novell NetWare and Windows NT. Novell versions of the Mercury POP3 server prior to 1.48 are vulnerable to a buffer overflow caused by inadequate string handling for the APOP authentication command. Because the overflow occurs in an authentication command parser, unauthenticated remote users can trigger the overflow. It is unknown whether the overflow can lead to arbitrary code execution, but proof-of-concept code is available that will crash the NetWare server, requiring a reboot.
The Bat! is vulnerable to a remote denial-of-service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause The Bat! to incorrectly interpret the message's structure. This can lead The Bat! to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account.
A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is contained in the stylesheet of an XML page.
KFM is the KDE File Manager, included with version 1 of the KDE base package in most Linux installations. KFM is designed as a graphical, easily navigated interface to the Linux filesystem. A problem with KFM could allow the overwriting of files owned by the KFM user. KFM insecurely creates a directory to store its cache contents. The directory name is predictable, and KFM does not check whether the directory already exists before creating it. Permissions are also not checked. Files beneath the directory can be created as symbolic links, making it possible to overwrite linked files. This vulnerability makes it possible for a local user to overwrite and corrupt files owned by the KFM user.