PlanetWeb is vulnerable to a buffer overflow condition when handling GET requests of excessive length. Upon receiving a GET request containing a 1024 byte or greater URL, an exploitable buffer overflow occurs, which may result in the remote execution of arbitrary code within the context of the web server process.
Savant Webserver is vulnerable to an input validation bug that could allow malicious users to access password-protected folders. It should be noted that versions below 3.1 may also be vulnerable to this issue. An attacker can use the following requests to exploit this vulnerability: GET /password_folder / HTTP/1.0, http://host/password_folder%, http://host/password_folder%20
BRU is a backup and restore utility distributed by The Tolis Group. This vulnerability affects the utility on the Linux platform. xbru does not properly check for the existence of temporary files prior to execution. Because of this, it is possible for a local user to create symbolic links to other files, which will be overwritten by the BRU user. As BRU is typically run by the root user, this could result in the overwriting of root-owned files.
Savant Webserver is prone to a denial of service attack when processing a negative integer located in a user's Content-Length value.
The SSR8000 SmartSwitch distributed and maintained by Enterasys has been discovered to react unpredictably when portscanned. When these switches are scanned using specific types of TCP traffic, and scanned on certain ports, the switch becomes unstable and can be crashed consistently.
When decoding an HTML email, Outlook Express will stop responding upon encountering an <A HREF> link longer than 4095 characters.
Netris is prone to a remotely exploitable memory corruption issue. An attacker may exploit this to execute arbitrary code with the privileges of the user invoking the vulnerable application. When the MyEventType() function is done, the contents of the buffer can continue on past netBuf[64], into other data segments. However, the segment right after netBuf[64] (netBufSize[4]) will be changed to 0x00000000 after the overflow has taken place. So, instead of using 64-byte shellcode, we will skip the first 68 bytes (filler). This will look like so: memory: [netBuf(64)][netBufSize(4)]...[other data segments]; exploit: [68 filler bytes][nops][shellcode][return address]
phpGB is subject to a PHP code injection vulnerability. After bypassing authentication, it is possible to inject code into the guestbook configuration file (config.php) by supplying malicious parameters for the savesettings.php script. The configuration file is referenced in most of the other guestbook scripts, so each time one of the scripts is accessed, the attacker-supplied PHP code will be executed.
A remote user can crash the Oracle TNS Listener service by connecting to the service and issuing the SERVICE_CURLOAD command. This will cause the listener to stop responding to connections and crash after the command is issued.
The Trillian instant messaging client uses weak encryption to store saved authentication credentials for instant messaging services. The credentials are encrypted by using XOR with a static key that is used with every installation of the software. Local attackers may potentially exploit this weakness to gain access to another user's instant messaging credentials.