NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflow (in the username field) which will allow malicious remote users to execute arbitrary code with the privileges of the webserver process. Successful exploitation of this vulnerability will allow a remote attacker to gain local access to the host.
It is possible to cause a denial of service in the MacHTTP webserver due to improper bounds checking in the script 'responder.cgi'. HTTP GET requests with an excessive number of characters will cause the server to freeze.
An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service. This problem is due to improper validation of user-supplied input by certain variables in phpBB. This issue can be exploited by making a cleverly crafted web request that contains arbitrary user-supplied replacement values. One consequence of successful exploitation is that the attacker will be privy to user information.
A buffer overflow has been discovered in the handling of $ORACLE_HOME by otrcrep. otrcrep is installed with the Oracle suite as a SUID oracle SGID dba binary. This buffer overflow may be exploited by a local user to overwrite stack variables, including the return address, and execute arbitrary code with the privileges of user oracle and group dba.
When the ORACLE_HOME environment variable is filled with 750 bytes or more, a buffer overflow occurs. This overflow may be used to overwrite variables on the stack, including the return address. Since the dbsnmp program is setuid root, it is possible to gain elevated privileges, including administrative access.
A malicious user can remotely crash a Quake 3 Server by sending a specially crafted packet to the server. The packet contains the string 'connectre' preceded by four bytes of 255. This packet can be sent using the netcat utility. Execution of arbitrary code may be possible as well.
GNU locate is an application that searches file databases for file names that match user-supplied patterns. A boundary condition error can occur when the program reads database files composed in an 'old' format, produced by GNU locate prior to version 4.0 and by Unix versions of locate and find. If an attacker is able to write a malicious entry to a database file used by other users, the attacker could cause arbitrary code to be executed by another user when the user runs the locate program.
Multiple malicious IMG tags containing a unique 'mailto:' link can cause a denial of service for users who view the webpages they are embedded in. The browser will crash, and system resources may be exhausted enough to cause the entire machine to crash.
A potential denial of service vulnerability exists in some versions of the Microsoft Windows network stack. The problem occurs when a large number of extraneous ARP packets are sent to a host running Windows. This can cause the system to use all available CPU and memory resources and thus become unresponsive until the attack ends. By sending ARP requests to the Ethernet broadcast address, it may be possible to use this attack to disable an entire network.
PHP-Nuke is a website creation/maintenance tool written in PHP3. A vulnerability exists in the User Registration Form which allows a malicious user to substitute arbitrary values for image form elements. This can be done by saving the webpage locally as 'user.php.html' and altering the information. The new values may be set in such a way as to disclose arbitrary web-readable files to the attacker.