Zone-H has reported that the Q-Shop ASP shopping cart software contains a vulnerability that may allow remote attackers to upload arbitrary files. Once uploaded, the attacker may be able to have the script executed in the security context of the Web server. It is reported that Q-Shop provides an interface intended for administrators to upload files, however when this file is requested directly, no authentication is required.
A problem with the software may make elevation of privileges possible. It has been reported that a buffer overflow exists in Tower Toppler. A local user may be able to exploit this issue to execute code with the privileges of the toppler program. A Buffer overflow in HOME enviroment variable. Just your standard stack overflow... Should give a GID=20 on successful exploitation.
It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account.
A denial of service vulnerability exists in the Canon GP-300 print server. The vulnerability is triggered when a malformed web request is sent to the server. This will cause the server to crash, denying service to legitimate users.
MyServer has been reported to be prone to denial of service attacks when handling certain malformed URIs. This could be exploited to deny availability of web services to legitimate users.
cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be rendered in their browser in the context of the site hosting cPanel.
It has been reported that the Mailwatch plugin for GKrellM is vulnerable to a remotely exploitable buffer overflow. This may permit the execution of arbitrary code with the privileges of the GKrellM program. Proof of Concept code for a buffer overflow in gkrellm plugin gkrellm-mailwatch 2.4.2 is provided. Overflow occurs in when processing the 'From' (not 'From:') field of the email. This is remotely exploitable if you can pass shellcode through the mail servers with out it getting foobar'ed in the process.
IglooFTP PRO for Windows platforms has been reported prone to multiple buffer overrun vulnerabilities. The issue likely presents itself due do a lack of sufficient bounds checking performed on data that is copied into a reserved internal memory buffer. Remote arbitrary code execution has been confirmed.
IglooFTP PRO for Windows platforms has been reported prone to multiple buffer overrun vulnerabilities. The issue likely presents itself due do a lack of sufficient bounds checking performed on data that is copied into a reserved internal memory buffer. Remote arbitrary code execution has been confirmed. It should be noted that although this vulnerability has been reported to affect IglooFTP PRO version 3.8, other versions might also be affected.
rundll32.exe has been reported prone to a buffer overflow vulnerability. The condition has been reported to be triggered when an excessive string is passed to the vulnerable application as a routine name for a module. Exploitation of this issue may be hindered, due to the fact that user-supplied data is converted to Unicode.
Services By CQR
