Microsoft Windows Explorer for Windows XP has been reported to be prone to a remote denial of service vulnerability. This issue is due to a failure of the application to properly validate user-supplied input via the 'shell:' command. The 'shell:' command is a parameter that a user can specify when including a URI in an HTML tag. This command allows the HTML script to potentially execute any program specified after the 'shell:' command. Successful exploitation of this issue would cause the affected application to crash, denying service to legitimate users. The issue may be triggered when a user follows an HTML link formatted like so: <a href=shell:windowssystem32calc.exe>link</a> or when a user views an HTML document containing the following tag: <iframe src=shell:windowssystem32calc.exe></iframe>
It has been reported that the FVWM fvwm_make_browse_menu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which application should be used to execute the file via its filename. An attacker may be able to leverage this issue to cause arbitrary commands to be executed with the privileges of a victim user.
SquidGuard is prone to a remote NULL URL character unauthorized access vulnerability. This issue is due to a failure of the application to properly filter out invalid URIs. Successful exploitation of this issue may allow a remote attacker to bypass access controls resulting in unauthorized access to attacker-specified resources.
It has been reported that the Internet Security Systems (ISS) Protocol Analysis Module is prone to a remote buffer overflow vulnerability when parsing the ICQ protocol. This issue exists due to insufficient bounds checking performed on certain unspecified ICQ protocol fields supplied in ICQ response data. Successful exploitation of this issue may allow a remote attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. This attack would occur in the context of the vulnerable process.
Symantec Client Firewall has been reported to be prone to a remote denial of service vulnerability. The issue is reported to present itself in the TCP packet processing routines of the affected software. It is reported that this vulnerability will have a system wide impact, causing Windows GUI and peripherals that are attached to the host to become unresponsive. A hard reset is reported to be required to restore normal functionality to the system.
Error Manager is prone to multiple vulnerabilities due to failure to validate user input, failure to handle exceptional conditions and simple design errors. These issues may be leveraged to carry out cross-site scripting attacks, reveal information about the application configuration and initiate HTML injection attacks against the affected system. An HTML file can be written to create an admin user on the affected web site when the admin views the error logs.
Error Manager is prone to multiple vulnerabilities due to failure to validate user input, failure to handle exceptional conditions and simple design errors. These issues may be leveraged to carry out cross-site scripting attacks, reveal information about the application configuration and initiate HTML injection attacks against the affected system. An example of a cross-site scripting attack is provided in the source.
It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without having to first authenticate to the application. This issue may be leveraged to manipulate the application database, potentially destroying data.
WFTPD server front end GUI has been reported to be prone to a denial of service. The issue is reported to present itself if a user who is logged into the affected service issues an FTP request with a large parameter. This will cause the server GUI to behave in an unstable manner, potentially preventing the GUI from opening.
When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory. Data that exceeds the size of the reserved buffer will overflow its bounds and will trample any saved data that is adjacent to the affected buffer. Ultimately this may lead to the execution of arbitrary instructions in the context of the root user. An attacker will require system group privileges prior to the execution of the getlvcb utility, the attacker may exploit the issue described in BID 9903 in order to gain the necessary privileges required to exploit this vulnerability.
Services By CQR