glFtpD contains an input validation error that may allow a malicious user to cause a denial of service against a host running the daemon. The problem occurs when a specially crafted 'LIST' command is received by the server. If the argument to the command contains an excessive number of '*' characters, the server will cease to respond and consume all available CPU resources on the system.
When a malformed request is made for a Java Server Page, the server displays an error page which contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks.
A user who has set an Open Firmware password on their Apple system believes it to be safe when powered down. There is a tool that any user with access to the Finder can run in order to reveal the Open Firmware password without any decryption.
The Windows 2000 RunAs service allows an application or service to be executed as a different user. It is accessed by holding down the shift key and right-clicking on an icon, then selecting 'Run as...' from the context menu. When the RunAs service is invoked, it creates a named pipe through which the client communicates the credentials (in cleartext). If the RunAs service is stopped, an attacker can create a named pipe with the same name, and credentials will be sent to it when another user tries to use 'RunAs'.
SIX-webboard 2.01 is vulnerable to a directory traversal attack due to insufficient input validation. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. ".." and "/") to the vulnerable web application. This can allow the attacker to view or retrieve files not normally accessible to them from the remote host.
A vulnerability has been discovered in the Apache web server that may result in the disclosure of the server's address. The problem occurs when an HTTP request containing the URI of a directory is submitted to the server. If the URI does not contain a trailing '/' character, the server returns a 3xx redirection status code indicating that further action must be taken in order to fulfill the request. When this occurs, a 'Location' response header containing the address of the server is returned as part of the response. In a situation where the request is redirected to a server behind a firewall, this could lead to the disclosure of the server's internal network address.
Fetchmail is a Unix utility for downloading email from mail servers via POP3 and IMAP. Fetchmail contains a vulnerability that may allow remote attackers to gain access to client systems. The vulnerability stems from the use of a remotely supplied signed integer value as an array index when writing data to memory. It may be possible for attackers to overwrite critical variables in memory with arbitrary values if the target client's IMAP server can be impersonated. Successful exploitation can lead to the execution of arbitrary code on the client host.
The problem is the result of the use of signed integers in the program's tTflag() function, which is responsible for processing arguments supplied on the command line with the '-d' switch and writing the values to its internal 'trace vector'. The vulnerability exists because it is possible to cause a signed integer overflow by supplying a large numeric value for the 'category' part of the debugger arguments. The numeric value is used as an index into the trace vector, and can therefore be used to write within a certain range of process memory if a negative value is given. Because the '-d' command-line switch is processed before the program drops its elevated privileges, this could lead to a full system compromise. This vulnerability has been successfully exploited in a laboratory environment.
Xlock is a utility for locking X Window displays. It is installed setuid root because it uses the user's password to authorize access to the display when it is locked. The version of xlock that ships with Solaris as part of OpenWindows contains a heap overflow in its handling of an environment variable. Local attackers may be able to execute arbitrary code with the effective privileges of xlock.
A vulnerability exists in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be exploited if an attacker connects to a host using HTTPS (typically on port 443) and crafts a specially formed GET request. Microsoft IIS will return a 302 Object Moved error message containing the internal IP address or internal network name of the server.