A problem has been identified in the handling of pre-authentication packets by DameWare Mini Remote Control Server. Because of this, it may be possible for a remote attacker to gain unauthorized access to hosts using the vulnerable software.
It has been reported that @mail Webmail System may be prone to multiple vulnerabilities that include directory traversal, SQL injection, session hijacking, and cross-site scripting. These issues may allow an attacker to gain access to sensitive information including user email messages and mailboxes.
It has been reported that WebEye is prone to an information disclosure vulnerability that may allow an attacker to harvest sensitive information from the server such as usernames and passwords. The problem exists in the '/admin/wg_user-info.ml' script that fails to verify user credentials before returning sensitive information.
This exploit is a buffer overflow vulnerability that allows an attacker to execute arbitrary code on the target system. It was written by Scrippie, with help from dvorak and jimjones. It is not fully developed, but it works most of the time. It can be used to gain access to a system and execute malicious code.
Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious link that includes hostile HTML and script code as values for URI parameters. If such a link is followed, the hostile code may be rendered in the administrator's browser. This could lead to theft of cookie-based authentication credentials, which contain the username and MD5 hash of the password, allowing for full compromise of the firewall.
A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on vulnerable host. The issue is reported to exist due to a lack of bounds checking by software, leading to a buffer overflow condition. The problem is reported to exist in the defang() function in libhttpd.c. This issue may allow an attacker to gain unauthorized access to a vulnerable host. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the web server in order to gain unauthorized access to a vulnerable system.
This vulnerability allows an attacker to create a symlink to a file in the /tmp directory with the current PID of the catman process. Depending on the system load, this creates 1000 files in the /tmp directory. The attacker would have to know when root is executing catman in order to exploit this vulnerability.
A vulnerability has been reported to exist in the mIRC client that may allow a remote attacker to crash a vulnerable mIRC client. The condition is most likely present due to insufficient boundary checking performed on 'DCC SEND' requests. It has been reported that when received, a malicious 'DDC SEND' request can trigger a fatal error and cause an affected mIRC client to crash.
It has been reported that the Microsoft Message Queuing service is prone to a heap overflow. The Symantec DeepSight analyst team is currently analyzing proof-of-concept exploit code for this issue.
It has been reported that a local off-by-one heap overflow exists in the handling of user-supplied databases by slocate. Because of this, an attacker may be able to gain elevated privileges.
Services By CQR