A vulnerability in Rediff Bol allows a remote user to log other users out of the Bol chat client. This is due to improper handling of some types of requests, such as a rbol: command. By sending a rbol:login:logout request, the client will log out.
It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrary PHP script containing commands that may be carried out on the vulnerable host.
It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote clients into a local buffer. This vulnerability may be exploited by remote attackers to execute custom instructions on the target server. It is also possible to crash the service with a malicious request. It should be noted that, to exploit this vulnerability, no authentication is required. Additionally, the Locator service is enabled by default on all Windows 2000 and Windows NT Domain Controllers (DC).
A vulnerability has been discovered in WinRAR. The problem occurs when the affected application opens an archive containing a file with an overly long file extension. It has been reported that it is possible for an attacker to exploit this issue to run arbitrary instructions. Commands executed in this manner would be run with the privileges of the vulnerable program.
YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed by YABB SE. This may allow a remote attacker to execute arbitrary commands in the context of the webserver.
A vulnerability has been reported in Apache Web server for Microsoft Windows. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP GET requests that involve reserved MS-DOS device names may cause the Apache Web server to crash.
It has been reported that a buffer overflow in escputil exists. When supplied with excessively long arguments, it is possible to overwrite stack memory. escputil is reportedly installed setgid 'sys' on Mandrake Linux, so it is possible that this issue may be exploited to execute arbitrary code with elevated privileges. Other distributions may also be affected if the utility is installed or runs with elevated privileges.
mtink is prone to a locally exploitable buffer overflow condition. This is due to insufficient bounds checking of the HOME environment variable. mtink is reportedly installed setgid 'sys' on Mandrake Linux, so it is possible that this issue may be exploited to execute arbitrary code with elevated privileges. Other distributions may also be affected if mtink is installed or runs with elevated privileges.
CVS is prone to a double free vulnerability in the Directory requests. An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code.
MyRoom is vulnerable to a remote file upload vulnerability due to inadequate security checks performed by some PHP scripts. An attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.
Services By CQR