A problem has been identified in the YaSoft Switch Off software package when handling large packets via the service management port (8000/TCP). This may make it possible for a remote user to deny service to legitimate users of the service. An attacker can exploit this vulnerability by sending a large packet to the service management port (8000/TCP) using the command 'nc 127.0.0.1 8000 < DoS.txt'
EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This vulnerability allows an attacker to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerable software. The attacker must have a malicious script hosted at the following location: http://[attacker's_site]/admin/site_settings.php
GoodTech Telnet Server is reportedly prone to a denial of service vulnerability. This condition occurs prior to authentication when excessive data is received by the server. Exploitation could result in memory corruption, which could in turn be leveraged to execute arbitrary code, though this has not been confirmed by Symantec.
Microsoft Windows is prone to a security flaw in the implementation of the showHelp() function. Using directory traversal sequences and special syntax when referring to the CHM file, it is possible to bypass this restriction. This could be exploited in combination with other known vulnerabilities to install and execute malicious code on a client system.
NETObserve is prone to a vulnerability that may permit remote unauthenticated users to access functions of the software. An attacker can exploit this vulnerability by sending a POST request with a malicious payload to the vulnerable server, followed by a GET request to execute the malicious payload. This may result in remote compromise of the system.
It has been reported that MDaemon/WorldClient mail server may be prone to a buffer overflow vulnerability when handling certain messages with a 'From' field of over 249 bytes. This issue may allow a remote attacker to gain unauthorized access to a system. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the vulnerable software in order to gain unauthorized access.
Jordan Windows Telnet Server has been reported prone to a remote buffer overrun vulnerability. The issue has been reported to present itself when a username of excessive length is supplied to the Telnet server. Due to a lack of bounds checking, when this username is copied into an insufficient reserved buffer in stack-based memory, data that exceeds the size of the buffer will overrun its bounds and corrupt adjacent memory. An attacker may exploit this condition to corrupt a saved instruction pointer for the vulnerable function.
Microsoft IIS fails to log HTTP TRACK calls made to the affected server. A remote attacker may exploit this condition in order to enumerate server banners.
A vulnerability has been reported to affect Sygate Personal Firewall that may allow a user to bypass DLL authentication controls. The issue has been reported to present itself in the routines that are used to enforce DLL authentication. A local attacker may exploit this condition to bypass Sygate DLL authentication controls.
It has been reported that BulletScript MailList may be prone to an information disclosure vulnerability that may allow remote attackers to gain access to sensitive information. The issue is reported to be present in the 'action' parameter of bsml.pl script. Information gathered via these attacks may aid an attacker in mounting further attacks against a vulnerable system and the affected users.
Services By CQR