Disk Pulse Enterprise Server v10.1.18 suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.
In Flexense VX Search Enterprise Server v10.1.12, the Control Protocl suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.
This module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card.
Gespage is a web solution providing a printer portal. The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection (Stacked Queries - comment). These vulnerabilities could allow attackers to retrieve / update data from the database through the application.
Windows maintains a DC cache in win32kbase!gpDispInfo->pdceFirst. If you create multiple windows from a shared class while switching between CS_OWNDC and CS_CLASSDC, you can cause cache list entries to maintain references to free WND structures. This might take a while to crash though, something has to cause the list to be traversed (e.g. a new window opens) after the freed memory has changed. It can also crash in some very strange places.
Snitz search feature is vulnerable to XSS which can aide an attacker in stealing cookies, and thus compromising the account. In order to steal another users identity, all an attacker needs to know is thier encrypted password. This is not very hard to obtain using the XSS as described above, or other methods. Once an attacker has this info, all they have to do is login to thier normal account to get a valid session id, close the browser, replace thier username and encrypted pass with that of the victim, and return to the site where they will be recognized as the victim. This is the most serious of the vulns, as it requries no real effort and leaves the entire snitz forum open to attack. All an attacker has to do is request a forgotten password, save the password reset page offline,edit the member id to the desired member id, and submit the form. The members password will then be reset to that of the attackers choosing.
Max Web Portal is vulnerable to Cross-Site Scripting (XSS) attacks and Hidden Form Field Weakness. An attacker can exploit the XSS vulnerability by entering malicious code into the search utility. The Hidden Form Field Weakness can be exploited by adding certain fields to the form which can be used to deface the website or send private messages to all members of the website.
MegaBrowser HTTP server is vulnerable to a directory traversal vulnerability which allows access to any file on the system as well as directory viewing of the root web directory. While not as serious as the previously mentioned vuln, this still poses a threat as it may allow an attacker to harvest a list of valid FTP usernames on the system.
WinMX 2.6 is an older version of the popular file sharing client WinMX. While the current version is 3.31, 2.6 still remains quite popular. Especially amongst users on private networks. The problems with WinMX 2.6 is that it provides pretty much NO password protection. This can be exploited both locally and remotely. Locally, one can edit a particular server, and upon doing so the username and pass are presented in plaintext, and the other way is to open the nservers.dat file in the WinMX directory. Remotely, the passwords are encrypted by such servers as SlavaNap etc, but they are passed to the server in plaintext, so any malicious server owner with a packet sniffer can exploit this vuln.
phpLinks is prone to HTML injection due to a vulnerability in the search feature. Search queries are not sufficiently sanitized of HTML and script code. These search queries may potentially be displayed to other users when the most popular searches are viewed. If an attacker includes malicious HTML or script code in these queries, it is possible that the attacker-supplied code may be rendered in the web client software of other users. phpLinks does not sufficiently sanitized HTML and script code supplied via form fields before displaying this data to administrative users. This issue exists in the 'add.php' script, which is used to add sites to the phpLinks system. As a result, an attacker may cause malicious HTML and script code to be executed in the web client of an administrative user who reviews attacker-supplied data submitted when a site is added.
Services By CQR