A vulnerability has been discovered in the Smart Search CGI script. Due to insufficient sanitization of user-supplied URI parameters, it may be possible for an attacker to execute arbitrary commands on a target system. All commands executed in this manner would be run with the privileges of the web server hosting the script.
A vulnerability has been discovered in PXE, which is included with Red Hat Linux. Specifically, it is possible for a remote attacker to overrun a buffer by passing excessive data to the service. This may result in the corruption of sensitive process memory, and as such may allow an attacker to execute arbitrary commands.
MyABraCaDaWeb is reported to disclose path information in error messages when handling some invalid requests. This information could be useful in further attacks against a system hosting the software.
Kebi Academy 2001 does not sufficiently validate input supplied via URI parameters. As a result, it has been reported that it is possible to retrieve arbitrary files that are readable by the web server. It has also been reported that it is possible to upload malicious files to the server. This could result in disclosure of sensitive information or execution of arbitrary commands in the context of the web server.
GNOME Eye of Gnome (EOG) image viewer is prone to a format string vulnerability. This condition may lead to execution of arbitrary code if malicious format specifiers are supplied to the program via the command line. As some utilities may be configured to invoke EOG as the handler for images through a mailcap entry, this may allow for local privilege escalation or possibly remote exploitation.
Ximian Evolution does not properly validate MIME image/* Content-Type fields. If an email message contains an image/* Content-Type, any type of data can be embedded where the image information is expected. This can be used to embed HTML tags that will be rendered by GTKHtml, bypass policies, or invoke Bonobo components to handle external content types.
A vulnerability has been discovered in the Ximian Evolution Mail User Agent (MUA). The problem occurs when the mailer attempts to process a maliciously encoded e-mail message. When attempting to decode the message, the MUA will repeatedly attempt to allocate memory, resulting in system resource exhaustion, and will eventually crash.
The Evolution mail client supports 'uuencoded' content and decodes it automatically when a message is initially parsed. A memory corruption error is present in the parsing component that can result in the client crashing when specially malformed content is decoded. The presence of such a message in an Evolution user's mailbox may result in a prolonged denial of service as the crashing of the GUI may prevent deletion of the message. The user will also not be able to read messages while the message is present in their mailbox.
The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function 'RtlDosPathNameToNtPathName_U' and may be exploited through other programs that use the library if an attack vector permits it. One of these programs is the implementation of WebDAV that ships with IIS 5.0. The vector allows for the vulnerability in ntdll.dll to be exploited by a remote attacker. Several other library functions which call the vulnerable ntdll.dll procedure have been identified. It has been reported that the W32.Welchia.Worm, described in MCID 1811, is actively exploiting this vulnerability.
The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function 'RtlDosPathNameToNtPathName_U' and may be exploited through other programs that use the library if an attack vector permits it. One of these programs is the implementation of WebDAV that ships with IIS 5.0. The vector allows for the vulnerability in ntdll.dll to be exploited by a remote attacker. Several other library functions which call the vulnerable ntdll.dll procedure have been identified. Reports suggest that numerous hosts have been scanned in an attempt to exploit this vulnerability. It has been reported that this vulnerability is also present in the 'RtlGetFullPathName_U' function. It has been reported that the W32.Welchia.Worm, described in MCID 1811, is actively exploiting this vulnerability.