A cross-site-scripting vulnerability has been reported to affect PHP authentication functions used in PHP access control pages created with the Macromedia Dreamweaver MX PHP Authentication Suite. An attacker may exploit this condition to execute arbitrary HTML code in the browser of an unsuspecting user.
xtokkaetama is prone to a locally exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of the '-nickname' command line option, which could result in execution of arbitrary code in the context of the software. The software is typically installed setgid 'games'.
xtokkaetama is prone to a locally exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of the '-nickname' command line option, which could result in execution of arbitrary code in the context of the software. The software is typically installed setgid 'games'.
A remote attacker may be able to exploit this vulnerability in order to execute arbitrary code with Local System privileges.
This exploit can be used to lock up Postfix 1.1.12 and below by connecting to an SMTP host and sending a malformed envelope address. This can cause the queue manager to lock up until the message is removed manually from the queue, and can also lock the SMTP listener, resulting in a denial of service.
Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to 'bounce-scan' a private network. It has also been reported that this vulnerability can be exploited to use the server as a distributed denial of service tool. These attacks are reportedly possible through forcing the server to connect to an arbitrary port on an arbitrary host. The second vulnerability, CAN-2003-0540, is another denial of service. It can be triggered by a malformed envelope address and can cause the queue manager to lock up until the message is removed manually from the queue. It is also reportedly possible to lock the SMTP listener, also resulting in a denial of service.
It has been reported that a memory corruption vulnerability affects the Symantec Norton AntiVirus Device Driver. According to the report, one of the device control operation handlers attempts to write data to an address offset from a pointer parameter passed to DeviceIoControl(). There is no validation on the parameter supplied or the address written to. This vulnerability can be exploited by unprivileged userland programs to crash the affected host or potentially elevate privileges.
It has been reported that the rscsi utility may provide for the modification of ownership and the corruption of arbitrary attacker specified files. It has been reported that a local attacker may invoke the rscsi utility to corrupt or seize group ownership of an attacker specified file. Because the rscsi utility is installed with setuid 'root' permissions by default, a local attacker may harness this vulnerability to achieve elevated privileges.
It has been reported that under some circumstances, a Cisco appliance running IOS may answer malicious malformed UDP echo packets with replies that contain partial contents from the affected router's memory.
MOD Guthabenhack For Woltlab Burning Board is prone to an SQL injection vulnerability due to insufficient sanitization of user input. This vulnerability allows an attacker to bypass authentication methods via SQL injection attacks.
Services By CQR