Menasoft SPHEREserver .99 is vulnerable to a denial of service attack. Multiple connections to the server can be made from a single machine, exhausting available connections and denying connections to legitimate users.
CSRF exploit allows for the creation of an administrator account by forging a HTTP POST request. Reflective XSS exploit exploits a reflective XSS vulnerability. SQL Injection exploit allows for SQL injection attacks.
Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting (CWE-79) and cross-site request forgery (CWE-352) vulnerabilities. The proof of concept includes examples of persistent/stored XSS and non-persistent/reflected XSS as well as a cross-site request forgery exploit.
A vulnerability has been reported in the web server included with Worldgroup. If a HTTP GET request is received by the server consisting of a long string of arbitrary characters, the server will crash. A restart may be required in order to regain normal functionality.
A remote attacker can create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset or require a manual reset to regain functionality.
Phusion Webserver does not perform sufficient bounds checking of externally supplied data, allowing a remote attacker to submit an excessively long web request which may cause stack variables to be overwritten with attacker-supplied instructions. This can lead to remote code execution and potential compromise of the host.
A vulnerability has been reported in some versions of Ezboard where user supplied data is written to a staticly sized array with a sprintf call. Large amounts of user supplied data may overflow this array and overwrite adjacent areas of stack memory, potentially allowing for arbitrary code execution.
There exists a condition in Microsoft Windows operating systems using NTFS that may allow for files to be hidden. By using drives mapped to directories created with 'SUBST', it is possible to create directory paths longer than 256 characters, which can result in files being inaccessible through traversing the full path. This poses a risk to programs such as antivirus software and can be exploited to hide files.
This module exploits a stack based buffer overflow in Winamp 5.55. The flaw exists in the gen_ff.dll and occurs while parsing a specially crafted MAKI file, where memmove is used with in a insecure way with user controlled data. To exploit the vulnerability the attacker must convince the attacker to install the generated mcvcore.maki file in the "scripts" directory of the default "Bento" skin, or generate a new skin using the crafted mcvcore.maki file. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
The BRU backup software creates temporary files insecurely by using easily predicted temporary filenames in the /tmp/brutest.$$ format. This vulnerability allows a local user to launch a symbolic link attack, potentially leading to the overwriting of system files or elevated privileges.
Services By CQR