A PHP-Nuke superuser can bypass access controls and privilege restrictions to delete the PHP-Nuke 'God Admin' account by making a specially crafted request for the 'admin.php' script.
The vulnerability allows remote attackers to execute arbitrary commands on a target system by injecting malicious commands in the 'go.cgi' parameter of the GoScript application. This can lead to unauthorized actions being performed on the victim's computer.
The SOAPParameter object constructor in Mozilla and Netscape contains an integer overflow vulnerability. This can lead to corruption of critical heap memory structures and possible remote code execution. An attacker can exploit this by crafting a malicious web page and having users view it in a vulnerable version of Mozilla or Netscape.
IBM Tivoli Directory Server is reported to contain a directory traversal vulnerability in its web front-end application. This issue presents itself due to insufficient sanitization of user-supplied data. This issue allows remote attackers to view potentially sensitive files on the server that are accessible to the 'ldap' user. This may aid an attacker in conducting further attacks against the vulnerable computer.
The USR808054 wireless access point is reported to contain a denial of service vulnerability in its embedded web server. When malicious requests are received by the device, it will reportedly crash, denying service to legitimate users of the access point. This issue can be exploited by anybody with network connectivity to the administration HTTP server, no authentication is required. Version 1.21h of the device was found to be vulnerable, but other versions are also likely affected. Due to the practice of code-reuse in companies, it is also possible that other devices and products have this same flaw.
MailEnable is prone to a remote denial of service vulnerability. This vulnerability exists in the MailEnable HTTP header parsing code. When reading a large content-length header field from an HTTP request, the operation overflows a fixed-size memory buffer, causing the HTTP service to crash. The vulnerability can be exploited to crash the affected HTTP service, denying service to legitimate users. There is also a possibility to execute arbitrary code.
The Webcam Corp Webcam Watchdog is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. This vulnerability occurs due to a failure of the application to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker can create a malicious link with script code that will be executed in the browser of a legitimate user by passing malicious HTML code as a value for the affected URI parameter supplied to 'sresult.exe'. This allows the attacker to execute arbitrary code within the context of the vulnerable website.
Fusion News is affected by an administrator command execution vulnerability. This allows a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, which includes hostile HTML and script code. If an unsuspecting forum administrator activates this URI, the attacker-supplied command would be carried out with the administrator's privileges.
A vulnerability is reported for PowerPortal which may make it prone to HTML injection attacks. The problem is said to occur due to a lack of sufficient sanitization performed on private message data. Specifically, when creating PowerPortal private messages, the subject field may not be sufficiently sanitized of malicious content. This may make it possible for an attacker to place HTML or script code within the subject field of a private PowerPortal message for another user. The examples provided include injecting JavaScript code to display an alert with the user's cookies and redirecting the user to a malicious website with the user's cookies as a parameter.
A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments. An anonymous remote attacker may be capable of exploiting this issue to execute arbitrary code. This however has not been confirmed. Failed exploit attempts may result in a denial of service.
Services By CQR