A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions by spoofing attachments. This can be done by using <x-xyz></x-xyz> constructs (x-html, x-rich or x-flowed) and embedding CR=x0d characters, which get converted internally into a NUL=x00 and ignored, thereby spoofing "attachment converted" lines. At version 6.1.1, embedded CR characters seem to get converted into NL=x0a.
A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions by sending a plain README attachment and a README.bat attachment, which contains a malicious script that can be executed without warning.
A buffer overrun vulnerability has been discovered in Monit 4.1 and earlier that could be exploited remotely to gain root privileges. The problem occurs due to insufficient bounds checking when handling overly long HTTP requests. As a result, it may be possible for a remote attacker to corrupt sensitive process data in such a way that the execution flow of Monit can be controlled. Successful exploitation of this condition could potentially allow for the execution of arbitrary code with root privileges.
sircd is prone to a privilege escalation vulnerability that allows any user logged on to the sircd server to set their usermode to +o, or operator mode. This allows the attacker to hijack IRC channels or impersonate users, which may aid in further attacks against the target server.
It has been reported that CommerceSQL may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient sanitization of user-supplied input. An attacker may traverse outside the server root directory by using '../' character sequences.
A problem has been identified in Thomson Cable Modems when handling long requests on the HTTP port. Because of this, it may be possible for an attacker to deny service to legitimate users of the device. An attacker can remotely shut down the internet connection by sending a malicious request to the device.
A problem has been reported in the handling of certain file types by gEdit. Memory corruption may occur when handling files containing long strings. Because of this, it may be possible to cause memory corruption.
A local OpenBSD kernel vulnerability has been discovered when handling the semctl and semop system calls. The problem specifically occurs due to improper sanity checking before handling a user-supplied semaphore set. It is said that this could lead to the corruption of kernel-based memory and may result in a kernel panic. The problem occurs due to the affected code verifying the bounds of an integer against an incorrect variable. This could result in an unintended index into an array situated in heap memory. The value taken from the location within the array is interpreted as a pointer and later dereferenced. If a value believed to be a legitimate memory address were used, this would effectively result in a segmentation violation within the kernel, causing it to panic. Although unconfirmed, due to the nature of this issue it has been speculated that this issue could be exploited to gain elevated system privileges.
FreeRADIUS is prone to a heap-corruption vulnerability when handling tag-field input. An attacker may be able to exploit this issue to deny service to legitimate users of a vulnerable FreeRADIUS server. This issue was initially reported as a vulnerability in how the software handles the 'Tunnel-Password' attribute in Access-Request packets, but the issue turns out to have wider scope, affecting tag-field input in general.
A problem has been reported in the service used by EffectOffice Server. Because of this, it may be possible for a remote user to deny service to legitimate users of the software. An attacker can send a large number of 'aaaaaaaaaa' strings to the service on port 56004, which will cause the service to crash.