Explore Vulnerabilities

Explore all Exploits:

IE Javascript Crash Test

It is possible to create a loop in JavaScript which is capable of crashing various web browsers. This is due to a flaw in the JavaScript interpreter. Browsers that have been tested include Microsoft Internet Explorer, Mozilla and Opera. It has been reported that in some environments (such as IE with Windows 2000) the error message generated by exploitation of this issue indicates that a stack overflow has occurred. It is not known whether this issue may be exploited to execute arbitrary code.

Qualcomm’s QPopper Denial of Service Vulnerability

A vulnerability has been reported in some versions of qpopper: if a string longer than approximately 2048 characters is sent to the qpopper process, a denial of service condition will occur. An example of this exploit is using the perl command to print a string of 2049 characters to the qpopper process via netcat.

Microsoft Windows 2000 and NT 4 Debugging Subsystem Privilege Escalation Vulnerability

The debugging subsystem, which is available to all users, may be used to create duplicate handles to a privileged process. This may allow an application with minimal privileges to execute arbitrary code with the privileges of the process that is accessed.

PHProjekt Remote File Include Vulnerability

PHProjekt is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. If the included file is a PHP script, this may allow for execution of arbitrary attacker-supplied code. Successful exploitation depends partly on the configuration of PHP on the host running the vulnerable software. If 'allow_url_fopen' is set to 'off' then exploitation of this issue may be limited.

Ecartis Local Buffer Overflow Vulnerability

Multiple local buffer overflow conditions have been reported in some versions of Ecartis. If successfully exploited, this may result in the execution of arbitrary code. Listar normally runs as the non-privileged user 'listar'. Exploitation of this vulnerability may allow the malicious party to launch further attacks against the system as the user 'listar'.

Sunsolve CD CGI Script Insecure Input Sanitization Vulnerability

The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. A CGI script included with the CD does not adequately sanitize input. Due to a design failure which does not remove special characters such as the pipe (|) character, a user submitting a malicious email address to the script could execute arbitrary commands with the permissions of the executing program.

Trend Micro InterScan VirusWall HTTP proxy content scanning circumvention

A vulnerability has been reported in some versions of VirusWall. An option exists called 'Skip scanning if Content-length equals 0', which is enabled by default. A malicious web server may return infected content with this header set to 0, and bypass the VirusWall scanner. As many popular client programs will ignore this header and display the content, this may allow malicious content to bypass VirusWall and still be interpreted by a client system.

Cobalt RaQ ‘MultiFileUpload.php’ Script Vulnerability

The 'MultiFileUpload.php' script is not sufficiently protected from outside access. While other sensitive administrative scripts are protected with HTTP authentication, 'MultiFileUpload.php' is not. Remote clients may invoke the execution of this script without valid administrator credentials. In doing so, it is possible for an attacker to upload files that are created on the server filesystem as any user. Furthermore, the uploaded files are stored in '/tmp' with predictable filenames. If the attacker has local access to the system, this vulnerability can be exploited to overwrite a file of equal user and group ownership through the use of a symbolic link.

AIM Client Crash Vulnerability

AOL Instant Messenger (AIM) is vulnerable to a buffer overflow attack when a specially formatted hyperlink is sent to a user. When the user attempts to launch the malicious hyperlink, the client will crash. It is also possible to exploit this issue to cause attacker-supplied instructions to be executed on the machine of a user running the vulnerable client.

Recent Exploits: