When a user is presented with a file dialog in Opera, a temporary file is created. It is possible for an attacker to specify a relative path to another file on the system using directory traversal sequences. If the user has write permissions to the specified file, it can be corrupted. This vulnerability could be exploited to delete sensitive files on the system. It is unknown if it could be used to trojan files.
The ProjectForum application is prone to a denial of service vulnerability. This vulnerability allows remote attackers to crash the server by sending an excessively long string via the 'find' request.
This is a Perl script that exploits a vulnerability in the Sami FTP server. It is based on a remote exploit by Critical Security. The script allows an attacker to execute arbitrary code on a vulnerable system. The script has been tested on Windows 2000 SP4 Italian and English versions and Windows XP Pro SP2 Italian and English versions. The exploit uses a specific return address depending on the target system.
A remote attacker can gain unauthorized access to a system using the vulnerable software by exploiting a buffer overflow vulnerability in the 'abook_dbname' function. By sending a long argument with the FETCHADDRESS command, the attacker can cause a buffer overflow and execute arbitrary commands.
A remote attacker can exploit a stack overflow vulnerability in DameWare Mini Remote Control Server to gain unauthorized access to hosts using the vulnerable software.
FVWM is prone to a command execution vulnerability that allows an attacker to execute arbitrary commands on a vulnerable system. The fvwm-menu-directory component does not properly sanitize user input, allowing a user with write permissions to a directory to execute arbitrary commands.
A buffer overflow condition is present in the authentication mechanism implemented in Ebola. The vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted string to the application.
A remote user can gain unauthorized access to a system using the vulnerable software by exploiting a problem in the handling of input by My_eGallery.
A remote attacker can crash the Eudora email client by sending a malicious email containing a spoofed "Attachment Converted" line. The crash can be triggered when the malicious message is viewed.
HP-UX allows the NLSPATH environment variable to be set for setuid root programs that use catopen(3C) and may be executed by other local users. This could result in privilege escalation, as an attacker could specify an arbitrary path for a message catalogue, which will be opened with elevated privileges.