A vulnerability in the MyWeb HTTP server allows for insufficient bounds checking when handling GET requests. This can be exploited by an attacker to corrupt sensitive data and potentially execute arbitrary code, leading to denial of service.
A remote attacker can exploit this vulnerability by sending a malicious HTML email with an excessively long hyperlink to a file resource. This can lead to the execution of arbitrary code in the context of the client user.
A remote buffer overflow vulnerability has been reported to affect the DeleGate SSLway filter. This filter is employed when DeleGate is applying SSL to arbitrary protocols. The issue presents itself due to a lack of sufficient boundary checks performed, when copying user-supplied certificate field contents. A remote attacker may potentially exploit this issue, to overwrite the return address of the static ssl_prcert() function. The attacker may corrupt any other saved value that is within 768 bytes from the end of the affected buffers. It has been reported that the X509_NAME_oneline() function will perform character conversion on characters below '0x20' or above '0x7e'; this may hinder exploitation of this issue.
The SurgeLDAP web administration application is prone to an authentication bypass vulnerability, possibly allowing remote attackers manager access. Once administration access is granted, it may be possible for an attacker to modify records in the LDAP database, destroy data, crash the server, or possibly further attacks on other services utilizing SurgeLDAP for its authentication data.
Exim has a remotely exploitable stack-based buffer overrun vulnerability. This vulnerability can be triggered by a malicious email if sender verification is enabled in the agent. It allows for the execution of arbitrary code in the content of the mail transfer agent. The vulnerable functionality is not enabled by default, but may be enabled in some Linux/Unix distributions that ship the software.
PHPX is affected by multiple administrator command execution vulnerabilities. These issues allow a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, leading to the execution of attacker-supplied commands with administrator privileges.
phlyMail suffers from multiple stored XSS vulnerabilities (post-auth) and Path Disclosure when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site and displaying the full webapp installation path.
This exploit targets the Nagios CGI script history.cgi. It takes advantage of a vulnerability in the Nagios code to execute remote commands. The exploit is likely to work on other Linux distributions that have similar vulnerabilities. The code includes some questionable practices that may not be recommended by experienced exploit coders.
PHPX is affected by multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to a failure of the application to properly sanitize user-supplied URI input. An attacker can create a malicious URI link that includes hostile HTML and script code. When the victim user follows this link, the hostile code may be rendered in their web browser. This can lead to theft of cookie-based authentication credentials or other attacks.
The vulnerability allows an attacker to execute arbitrary HTML or script code in a user's browser by injecting malicious content via the font size attribute. This can lead to theft of cookie-based authentication credentials and other potential attacks.
Services By CQR