This exploit allows an attacker to gain access to a user's pine messages by creating a symbolic link between the user's pine temporary file and a file of the attacker's choice. The attacker can then view the user's pine messages by tailing the file they created.
A file include vulnerability has been reported in the nphpd.php module of newsPHP that may permit an attacker to include and execute malicious script code on a vulnerable host. The issue is reported to exist in the LangFile variable of the nphpd.php module. Successful exploitation may lead to execution of arbitrary code on a vulnerable system by a remote attacker.
WIDZ does not validate untrusted input when generating alerts. Alerts pass the essid of an unknown wireless access point through a system() call. By setting the essid of an unauthorized access point to include malformed information, the underlying operating system may be compromised. Go to Apple Airport and set network name to ';/usr/bin/id; This will generate the following message:
    unknown AP essid= uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
    sh: -c: line 3: unexpected EOF while looking for matching `''
    sh: -c: line 4: syntax error: unexpected end of file
A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list. When the vulnerable configuration is in place, an attacker may be capable of enumerating the Microsoft URLScan extension filtering list by making repeated requests to files with differing extensions. The enumeration of this type of information could potentially aid an attacker when launching further attacks against the target web server.
Clickcess ChitChat.NET discussion forum software is vulnerable to HTML injection. This vulnerability allows a remote attacker to inject malicious HTML and script code into the website. This can lead to cookie-based credential theft.
News Wizard is vulnerable to path disclosure. An attacker can send a request for an invalid web resource to the server, and the server will respond with an error page that discloses the path information. This information can be used to further attack the system.
Invision Power Board is prone to a cross-site scripting vulnerability due to a lack of sufficient sanitization performed by functions in an Invision Power Board script on user-influenced URI parameters. A remote attacker can construct a malicious link to the affected script hosted on a remote site, and supply arbitrary HTML code as a value for a URI parameter. If this link is followed, the content of the URI parameter will be rendered in the browser of the user who followed the link.
RedHat 7.0 replaced the BSD lpr with the LPRng package, which is vulnerable to format string attacks because it passes information to syslog incorrectly. An attacker can get remote root access on machines running RedHat 7.0 with lpd running (port 515/tcp) if it is not fixed.
This exploit is for Realserver versions < 8.0.2. It is a remote code execution exploit that uses a shorter shellcode than the one in version 0.1. It is offsetless and requires an encoder in front of the exploit to make sure the shellcode is free of the bytes 0x00, 0x0d, 0x0a, 0x20, and 0xff. After successful exploitation, a command shell should spawn on TCP port 31337.
It has been reported that a cross-site scripting vulnerability exists in the Downloads and Web_Links modules of PostNuke. An attacker may construct a link containing malicious script code that could be executed in the browser of a user who visits the link. Exploitation could allow theft of authentication cookies.