Explore all Exploits:

Multiple Vulnerabilities in TinyServer

TinyServer is prone to multiple vulnerabilities, including a directory traversal issue that could allow a remote user to view or download any file to which the server has access, a denial of service issue due to the failure of the server to check input strings received, and a cross-site scripting issue that could allow for theft of cookie-based authentication credentials or other attacks.

OwnServer 1.0 and Earlier File Disclosure Vulnerability

OwnServer 1.0 and earlier is vulnerable to a file disclosure vulnerability, which allows a remote attacker to view files residing outside of the web server root directory on the affected system. This can be done by sending a specially crafted HTTP request containing a maliciously crafted URL, such as http://www.example.com/../../boot.ini, http://www.example.com/../../../boot.ini, http://www.example.com/../../../../boot.ini, http://www.example.com/../../../../../boot.ini, and http://www.example.com/../../../../../../boot.ini.

MetaDot Portal Server Cross-Site Scripting Vulnerability

MetaDot Corporation's MetaDot Portal Server is vulnerable to Cross-Site Scripting (XSS) attacks due to a failure to properly validate user input. An attacker can exploit this vulnerability by sending malicious code in the form of an iframe to the vulnerable server. For example, an attacker can send the following code to the vulnerable server: /index.pl?isa=XSS<iframe%20src=http://www.example.com/malcode> or /index.pl?iid='"><iframe%20src=http://www.example.com/malcode>.

Remote File Inclusion in VisualShapers ezContents

VisualShapers ezContents is vulnerable to a Remote File Inclusion vulnerability due to a lack of proper input validation. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a victim. If the victim visits the malicious URL, the attacker's malicious code will be executed on the vulnerable system.

Stack Overflow in Webcam Watchdog – Proof of Concept Exploit

A problem has been identified in the handling of remote web requests by the Webcam Watchdog software. Because of this, it may be possible for a remote attacker to gain unauthorized access to a vulnerable system. A proof of concept exploit has been released which demonstrates the vulnerability. It is possible to execute arbitrary code on the vulnerable system by sending a specially crafted HTTP request.

Catman Symlink Vulnerability

This exploit is based on the fact that catman creates files in /tmp insecurely. Their names are based on the PID of the catman process, and catman will happily clobber any files that are symlinked to that file. The idea of this script is to watch the process list for the catman process, get the PID, and create a symlink in /tmp to our file to be clobbered. This exploit depends on system speed and process load.

PHP-Nuke Survey Module SQL Injection Vulnerability

A vulnerability has been reported to exist in the Survey module of PHP-Nuke that may allow a remote attacker to inject malicious SQL syntax into database queries. The source of this issue is insufficient sanitization of user-supplied input. A malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database.

Cross-Site Scripting in Software

A vulnerability has been reported to exist in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in certain URI parameters passed to the default.php script. This vulnerability makes it possible for an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link.

The mvdsv Quake Server implementation is prone to a remotely exploitable buffer overrun vulnerability

The mvdsv Quake Server implementation is prone to a remotely exploitable buffer overrun vulnerability. This vulnerability is caused by a lack of bounds checking when processing certain packets. An attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable server. This could permit execution of arbitrary code in the context of the server.

X-Chat Remote Denial of Service Vulnerability

It has been reported that X-Chat may be prone to a remote denial of service vulnerability that may allow an attacker to crash the client by sending a malicious 'DCC SEND' request. X-Chat version 2.0.6 running on a Linux platform has been reported to be affected by this issue, resulting in a crash. Although unconfirmed, it is possible that other versions are affected as well. This issue is similar to the mIRC DCC SEND Buffer Overflow Vulnerability.

Recent Exploits: