Explore Vulnerabilities

Explore all Exploits:

super Format String Vulnerability

super is prone to a format string vulnerability. This problem is due to incorrect use of the syslog() function to log error messages. It is possible to corrupt memory by passing format strings through the vulnerable logging function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values.

IMail Web Calendaring Service Denial of Service

When an HTTP POST request is made to the web calendaring service on port 8484 and the "content-length:" header field is blank, the service becomes unstable and crashes. An attacker may exploit this vulnerability by submitting a POST request with a blank content-length header field.

Microsoft Windows Media Player Buffer Overflow Vulnerability

The Microsoft Windows Media Player executable is prone to a buffer overflow condition when invoked with an oversized filename. Since the program is executed in the context of the user invoking it, it is not likely that a local attacker could exploit this issue to gain elevated privileges. However, if the program can be invoked remotely or a user can be somehow enticed into invoking the program with a malformed filename, then this may be exploited by an attacker. Realistically, another exposure or vulnerability would have to exist on the host system for an attacker to exploit this issue.

Race Condition Error in pppd Daemon

A race condition error in the code of some versions of the pppd daemon included with multiple BSD distributions may result in the pppd process changing the file permissions on an arbitrary system file. The vulnerability has been reported in OpenBSD versions 3.0 and 3.1, and earlier versions of OpenBSD may share this vulnerability.

MM Shared Memory Library Race Condition

The MM Shared Memory library is reported to be prone to a race condition with regard to temporary files, which may enable a local attacker to gain elevated privileges. This issue may reportedly be exploited by an attacker with shell access as the Apache webserver user to gain root privileges on a vulnerable host.

Microsoft Outlook Express XSL Style Information Execution Vulnerability

An error has been reported in Microsoft Outlook Express which may allow malicious XML file attachments to execute arbitrary code in the context of the local system. Code execution could occur when the file attachment is opened, without further prompting or user interaction. This is the result of treatment of script code included in XSL style information embedded in an XML document. Normally, XSL style information is not permitted in XML scripts executing within a restricted security zone. However, some embedded script code may still execute, despite the generation of an XML parsing error. This script code may determine the location of the Temporary Internet File (TIF) directory, which in turn can lead to the execution of arbitrary code within the Local System security zone.

dotproject Authentication Bypass Vulnerability

dotproject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software. This may be accomplished by submitting a maliciously crafted 'user_cookie' value either manually or via manipulation of URI parameters. This problem is due to the software relying on the user 'cookie_value' to authenticate the user.
