The Interscan Viruswall software package contains a vulnerability that allows a remote attacker to execute arbitrary commands with root privileges on the system. The vulnerability is due to buffer overflows in the cgi programs used by the management interface of Interscan Viruswall. By exploiting these buffer overflows, an attacker can execute arbitrary commands by sending a specially crafted request to the vulnerable system.
A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of users of the service. If an attacker sets up a remote machine that returns specific format strings instead of a valid username, and connects to cfingerd from that machine, he can exploit the format string bugs. Because cfingerd runs as root, this means the attacker gains full control of the cfingerd host.
The flaw in the implementation of the PGP ASCII Armor decoder allows an attacker to create an arbitrary file on a user's system. This can be exploited by decoding a specially crafted .sig file that contains malicious instructions to create the desired file. The attacker can choose the location and content of the file.
The Etomite CMS version <= 0.6.1 is vulnerable to remote command execution. By uploading an image file and renaming it with a .php extension, an attacker can execute arbitrary commands on the target server.
This exploit allows an attacker to add an admin user to the VamCart v0.9 software by submitting a form with hidden fields containing the necessary user information.
A buffer overflow vulnerability in the error reporting code of the lpsched program in DGUX UNIX allows a local user to execute arbitrary code with the euid of root. By placing a request to the lpsched program consisting of a long and non-existing host name, an attacker can trigger the buffer overflow and gain root privileges.
A successfully logged-in user, via IMAP, could cause MDaemon to terminate the connection. If the user submits either a 'SELECT' or 'EXAMINE' command appended with 250 or more characters, MDaemon will refuse any new connections to the IMAP service. A restart of the service is required in order to gain normal functionality.
A vulnerability exists in Services for Unix 2.0 that allows a remote user to execute arbitrary commands on a target machine by crafting a URL with command line parameters to the telnet client. The telnet client initiates the logging of session information, allowing an attacker to write and execute arbitrary commands.
The Nullsoft Tracker 2 Module Player is vulnerable to a buffer overflow. An attacker can craft a specially crafted module file that, when opened by the player, triggers the buffer overflow and allows for remote code execution.
SnmpXdmid in Solaris versions 2.6, 7, and 8 is vulnerable to a remotely exploitable buffer overflow vulnerability. The overflow occurs when snmpXdmid attempts to translate a 'malicious' DMI request into an SNMP trap. An attacker can gain superuser access by successfully exploiting this vulnerability.
Services By CQR
