The Android OS is vulnerable to a local DoS when a filename with a length of 2048 or larger is attempted to be written to the sdcard(vfat fs) multiple times. The result of successful running of the exploit code is the system restarting. The vulnerability only effects Android kernels that are in the version 2.6 family.
This vulnerability is a buffer overrun vulnerability in Microsoft Windows Messenger Service. It occurs due to insufficient bounds checking of messages before they are passed to an internal buffer. Exploitation of this vulnerability could lead to a denial of service or execution of malicious code in Local System context, potentially allowing for full system compromise.
This exploit takes advantage of a buffer overflow vulnerability in the USER command of FreeFloat FTP Server. By sending a specially crafted payload, an attacker can execute arbitrary commands on the target system. The exploit uses a combination of junk data, a return address, and a payload to achieve code execution.
PHP-Nuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue occurs within the admin.php file, specifically when authenticating to a server. The vulnerability is due to insufficient sanitization of user-supplied data. An attacker may exploit this issue to influence SQL query logic and disclose sensitive information about the underlying database to launch further attacks against a vulnerable system.
OpenOffice is prone to a remote denial of service vulnerability under certain circumstances. The issue presents itself when an attacker connects to a remote OpenOffice session and transmits malicious data to the affected software. The software will apparently fail when handling the malicious data.
This module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting it in several parameters, such as in visApi.php's 'host' parameter, which results in remote code execution.
This exploit allows remote attackers to execute arbitrary commands on a server running DokuWiki <= 2006-03-09b release by exploiting a vulnerability in the /bin/dwpage.php script. The vulnerability can be triggered if the register_argc_argv setting is turned on. By sending a specially crafted request, an attacker can inject shell commands and execute them on the target server.
Attackers could exploit these issues to cause a denial of service or to execute arbitrary code.
A problem in the handling of some types of remote files has been reported in mpg123. Because of this, it may be possible for a remote attacker to execute arbitrary code with the privileges of the mpg123 user.
A remotely exploitable buffer overrun vulnerability has been reported in ProFTPD. This issue could be triggered if an attacker uploads a malformed file and then that file is downloaded in ASCII mode. Successful exploitation will permit a malicious FTP user with upload access to execute arbitrary code in the context of the FTP server. It is also reported that ProFTPD does not adequately drop privileges in some circumstances, which may compound the risks associated with exploitation.
Services By CQR