MP3Broadcaster is vulnerable to a buffer overflow when processing malicious ID3 tags due to insufficient sanity checks performed when handling signed integer values contained within MP3 file ID3 tags. An attacker can exploit this vulnerability by creating a specially crafted MP3 file and adding it to a playlist file.
A vulnerability has been reported for Apple QuickTime/Darwin Streaming Server. The problem is said to occur within the QTSSReflector module while processing the ANNOUNCE command. Specifically, by specifying an extremely large value as an argument within an ANNOUNCE request, it is possible to trigger an unexpected calculation causing the server to crash. Although it has not been confirmed, it is speculated that this issue may be exploitable to corrupt memory.
It has been reported that Load Sharing Facility (LSF) does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated privileges on a vulnerable system. A proof of concept code is provided which creates a file containing the contents of the /etc/shadow file, which can then be read by the attacker.
Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content. It is possible to refer to other files or attachments in a message through specially formatted inline text. If the CR (carriage return) character (0x0D, Ctrl-M) is embedded anywhere in the 'Attachment Converted' string, it is possible to execute message attachments without further user interaction.
A vulnerability has been discovered in various Axis Communications products, which allows remote users to access the administrative configuration interface without being prompted for authentication. This is achieved by making a request for a specially formatted URL, such as http://camera-ip//admin/admin.shtml.
A vulnerability has been reported for SudBox Boutique, where insufficient initialization of variables may allow an unauthorized user to gain authentication. Specifically, by making a malicious request to the login.php script it may be possible to authenticate as the administrative user.
BZFlag is prone to a denial of service vulnerability. Users that have established a session with BZFlag may cause a denial of service by reconnecting and flooding BZFlag ports with excessive amounts of data.
WsMp3 is vulnerable to an attack due to insufficient sanitization of HTTP POST requests. An attacker can exploit this vulnerability by sending a malicious HTTP POST request to the vulnerable server, which can lead to the execution of arbitrary files on the target system.
A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP GET requests. As a result, an attacker may be capable of accessing the contents of sensitive system resources. Information obtained through the exploitation of this issue may aid an attacker in launching further attacks against a target system.
It has been reported that clicking a malformed 'callto:' URI in Internet Explorer will cause Windows 2000 systems to crash, resulting in a blue screen. This appears to be due to a boundary condition error in one of the URI parameters of the CALLTO protocol handler.
Services By CQR