A buffer overflow vulnerability has been reported in cftp. The vulnerability occurs when cftp is parsing 'Welcome' banner messages from remote FTP servers. When cftp receives an FTP banner exceeding a certain length, it will trigger the overflow condition. This could allow for execution of malicious code in the context of the FTP client.
A buffer overflow vulnerability exists in QuickTime PictureViewer.exe. The vulnerability occurs within the encoded data of TGA image files, specifically when encountering an invalid encoded width field. This can result in a heap-based buffer overflow. Remote attackers can exploit this vulnerability to execute arbitrary code or cause a denial of service (application crash) by using a crafted Targa image.
Multiple vulnerabilities were discovered in SonicWALL's Continuous Data Protection (CDP) v6.x 5040 appliance application. The vulnerabilities were found by the Vulnerability Lab Research Team.
ezbounce is affected by a format string vulnerability in the file ezbounce/commands.cpp. This vulnerability can be triggered when session support is enabled. To exploit this vulnerability, the attacker must have valid credentials. This vulnerability can be used by attackers with proxy access but no privileges on the underlying host.
This exploit allows an attacker to extract login credentials from TIBCO RendezVous version <=7.4.11. The passwords are stored in base64 format without encryption and the password file is accessible to everyone. This vulnerability affects the Windows environment.
Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges.
lbreakout2 is vulnerable to a format string issue in the login component. This vulnerability allows an attacker to execute arbitrary code on a vulnerable host. The exploit takes advantage of a format string bug in the initial login request. By sending a specially crafted packet containing shellcode and a format string buffer, an attacker can overwrite memory and execute arbitrary code.
GNATS is prone to a buffer overflow condition when parsing certain environment variables. An attacker can exploit this vulnerability by setting an overly long environment variable and invoking one of several GNATS utilities. This will trigger the overflow condition and will result in the corruption of sensitive memory. Successful exploitation may result in the execution of attacker-supplied code with elevated privileges.
The vulnerability occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Successful exploitation could potentially result in the execution of arbitrary code with the privileges of the Kerio MailServer process.
This exploit allows an attacker to execute arbitrary code on a vulnerable system running oops-1.4.6. The exploit takes advantage of two offsets where shellcode can be placed, using two copies to ensure successful execution. The shellcode avoids uppercase letters and certain characters, and includes a dup2(33,0) call to ensure that the attacker is the only one with shell access.