Cobalt's RaQ 4 server has three remote vulnerabilities. The service.cgi script has a cross-site scripting vulnerability because it incorrectly parses incoming searches and includes HTML tags and JavaScript in the result. A directory traversal vulnerability allows attackers to read restricted files or passwords and to profile the users. In addition, a very long URL string will crash the service. Exploits included.
5ff610883de6c62b6e21a04a4afd2e050469e4e36cf69e6665831f6d3baaed70