The web frontend of Websense Email Security software does not properly sanitize some variables before returning them to the user. This can lead to Cross Site Scripting (XSS) vulnerabilities.
The Web Administrator frontend (STEMWADM.EXE) listens by default on port TCP/8181. If an attacker sends an HTTP request to port 8181 without waiting for a response, the webserver crashes. The proof of concept code is available below. The webserver is restarted automatically after the crash.
A remote attacker can download arbitrary files from the target server without authentication. POST parameters or cookies can be used as the attack vector. All Vivvo CMS versions >= 4.1.0 are vulnerable.
TwonkyMedia Server contains multiple Cross-Site Scripting (XSS) vulnerabilities. The TwonkyMedia web server fails to adequately sanitize user input (HTTP request strings and form input); thus, an attacker may be able to execute arbitrary script code in a victim's browser.
Various XSS and XSRF vulnerabilities were identified in the Alteon OS Browser-Based Interface (BBI). An attacker may exploit this issue to perform certain administrative actions, e.g. change using predictable URL requests once the user has authenticated and obtained a valid session with the switch. An attacker may exploit this issue to inject arbitrary HTML and script code into the application, potentially allowing the attacker to steal cookie-based authentication credentials and launch other attacks.
AIMP2 Audio Converter (aimp2c.exe) version <= 2.53 build 330 is vulnerable to a buffer overflow attack when processing a specially crafted playlist (pls) file. This can lead to arbitrary code execution.
This exploit relies on the "/bin/sh" binary on the host being a non-privilege-dropping shell such as zsh; this is not always the OS default setting. It permits a malicious user to obtain root privileges on the VirtualBox host machine.
Loading a corrupt save file (spider.sav) will result in a local crash of Spider Solitaire.
A remote DoS was present in Snort 2.8.5 when parsing some specially crafted IPv6 packets. To trigger these bugs, Snort must have been compiled with the --enable-ipv6 option and be running in verbose mode (-v). These two different bugs can be reproduced easily using the Python low-level networking library Scapy (http://www.secdev.org/projects/scapy/files/scapy-latest.zip).
It was found that the download facility of Microsoft SharePoint Team Services can be abused to reveal the source code of ASP.NET files. Insufficient validation of the input parameters of the download facility can result in the source code of ASP.NET files being disclosed. For example, the source code of the default ASP.NET page available after installing the product (http://server/Pages/Default.aspx) can be obtained by issuing the following request: http://server/_layouts/download.aspx?SourceUrl=/Pages/Default.aspx&Source=http://server/Pages/Default.aspx&FldUrl= In order to retrieve the source code of any file stored in the backend database (files whose path does not start with /_layout/), it is sufficient to craft a request that follows this pattern: http://server/_layouts/download.aspx?SourceUrl=<relative_path>&Source=<full_path>&FldUrl= This bug can result in disclosure of sensitive information that can be used by an attacker targeting the application.