Several buffer overflow conditions have been reported for WSMP3. The vulnerability is due to improper bounds checking when copying data to local buffers. An attacker can exploit this vulnerability by sending an overly long request to the vulnerable server. This will trigger the buffer overflow condition, resulting in memory corruption. Overwriting sensitive memory with malicious values may allow an attacker to execute arbitrary code on the target system.
Rational ClearCase has been reported to be prone to a denial of service condition. It is possible to cause this condition by portscanning a system running the vulnerable version of ClearCase. This issue was demonstrated using the nmap portscanning utility. An attacker can exploit this vulnerability by making two consecutive portscans of a vulnerable system. This will cause ClearCase to crash. Restarting the ClearCase service is required to restore functionality.
acFTP is vulnerable to an authentication bypass vulnerability. An attacker can exploit this vulnerability by sending a USER command with a valid username and a blank password. This will allow the attacker to log on to the FTP server without proper authentication.
A vulnerability has been discovered in the Java! JustInTime compiler used by Netscape Communicator, related to the generation of Intel instructions from specially constructed Java bytecode. If a malicious applet is compiled by the vulnerable compiler, it may be possible to redirect program flow to point to attacker-controlled memory. Successful execution of attacker-supplied instructions may result in arbitrary system commands being executed outside of the Java sandbox, with privileges of the JVM process.
The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox. An applet constructed at the bytecode-level may be able to perform some illegal operations. If these operations are performed, it may be possible to escape the security constraints placed on the applet by the JVM. Code execution with the privileges of the victim user may be possible.
An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable MHonArc client converts the message to HTML, any malicious HTML code will be executed within the context of the displayed web page.
Tftpd32 is vulnerable to a remote file download/upload attack, allowing an attacker to download and upload arbitrary system files. This can be exploited by sending a GET or PUT request to the TFTP host, followed by the file path. For example, an attacker can send a GET request to download the boot.ini file, or a PUT request to upload a malicious file to the boot.ini path.
A buffer-overflow vulnerability has been reported for Tftpd32. The vulnerability is due to insufficient checks on user-supplied input. A remote attacker can exploit this vulnerability by supplying a long string as a name of the file to retrieve. This will trigger the buffer-overflow condition. Any malicious attacker-supplied code will be executed with the privileges of the Tftpd32 process.
An attacker can exploit this vulnerability by connecting to a vulnerable MailEnable server and sending an overly long string as the value for the USER login prompt. This will trigger the buffer overflow condition.
A buffer overrun condition has been discovered in the SWRemote parameter used in Macromedia Flash objects. By triggering the overrun it is possible for an attacker to corrupt sensitive heap memory. Exploiting this issue may allow a remote attacker to redirect program flow to malicious shellcode, resulting in the execution of arbitrary commands with the privileges of the browser process.