
Explore Vulnerabilities


Explore all Exploits:

Mah-jong[v1.4]: Server/Client Remote Buffer Overflow Exploit

A remote buffer overflow vulnerability when calling the sscanf() function has been reported to affect the mah-jong game client and server programs. The issue occurs within separate source files; however, the code used by both programs is identical. It can be exploited to execute arbitrary code with the privileges of the target client or server application.

Microsoft Exchange Server SMTP HELO Command Argument Buffer Overflow Vulnerability

It has been reported that Microsoft Exchange server is prone to an SMTP HELO command argument buffer overflow vulnerability. The issue is likely due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. A remote attacker may reportedly exploit this condition to trigger a denial of service in the affected daemon.

Buffer Overflow in IBM DB2 db2dart Utility

A local attacker who can authenticate or has access as the db2as user may exploit this issue to execute arbitrary instructions with elevated privileges, specifically those of the 'root' user. The vulnerability is triggered by passing a long string of characters to the db2dart utility.

A problem has been reported in the checking of input by Digital Scribe

Digital Scribe is vulnerable to Cross-site Scripting attacks due to insufficient input validation. An attacker can craft a malicious URL and send it to a user of the application. When the user clicks on the link, the malicious script will be executed in the user's browser. This can be used to steal cookie authentication credentials or launch other attacks.

Multiple SQL Injection Vulnerabilities in WebCalendar

It has been reported that WebCalendar may be prone to multiple SQL injection issues in the view_t.php, view_w.php, view_v.php, and login.php modules of the software. The problems arise from a lack of sufficient sanitization of user-supplied input before being included in database queries. Successful exploitation of these vulnerabilities may allow a remote attacker to gain access to sensitive information stored in the underlying database. This information may then be used to launch further attacks against a vulnerable system.

Microsoft WordPerfect Converter Buffer Overrun Vulnerability

The Microsoft WordPerfect Converter, which ships with Office and a number of other products, is prone to a buffer overrun vulnerability. This could result in execution of malicious, attacker-supplied code when a document with malformed parameters is processed by the component. Exploitation would permit an attacker to execute arbitrary code with the privileges of the user opening the malformed document.

Microsoft Access Snapshot Viewer ActiveX Exploit

Microsoft Access Snapshot Viewer is prone to a remote buffer-overflow condition because the software fails to perform sufficient boundary checks on user-supplied parameters. A remote attacker may be able to leverage this issue to execute arbitrary code in the context of the user running the affected Internet Explorer.

Microsoft Visual Basic for Applications Buffer Overrun Vulnerability

A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient boundary checks when parsing specific properties of malformed documents. As a result, a malformed document may trigger a buffer overrun within the affected application, effectively allowing arbitrary code to run. Internet Explorer is also reportedly an attack vector, since it may call helper applications when handling certain document types. The exploit involves opening a Word document, selecting 'Insert' - 'Object', selecting 'MSPropertyTreeCtl Class' (or other objects such as ChoiceBox Class, etc.), saving the .doc file, and modifying the .doc file by using a binary editor. Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.

Windows XP URG Flags Vulnerability

A vulnerability has been discovered in Microsoft Windows XP that could result in the contents of memory being disclosed within some TCP packets. The problem specifically occurs within some SYN packets transmitted by Windows XP, which may not have correctly zeroed out URG flags. These flags may in fact contain data leaked from previously used memory. By continuously observing these abnormal SYN packets, it may be possible for an attacker to obtain sensitive information.

FloopTek FTGatePro Mail Server Cross-Site Scripting Vulnerability

FloopTek FTGatePro Mail Server is prone to a cross-site scripting vulnerability. A remote attacker could exploit this issue by enticing a legitimate user of the mail server to follow a malicious link with embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed. This issue exists in the web administrative interface, which listens on port 8089 by default.

Recent Exploits: