A buffer overflow in the NetSQL server makes it possible for a remote user to gain remote root access to a system using the affected software. By sending a long string to port 6500, a remote user can create a buffer overflow, allowing code execution.
An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the software. A malicious user can send a specially crafted request to the vulnerable server, which will allow the attacker to execute arbitrary commands on the server.
Windows Index Server and Windows Indexing Service contain an unchecked buffer in the 'idq.dll' ISAPI extension. A maliciously crafted request could allow arbitrary code to run on the host in the Local System context. This vulnerability is currently being exploited by the 'Code Red' worm.
A buffer overflow is known to exist in ghttp which will allow arbitrary code to be executed with the privileges of the webserver. Proof-of-concept code has demonstrated that this vulnerability can be exploited by remote attackers.
A problem with BestCrypt makes it possible for a local user to gain elevated privileges. Due to insufficient checking of bounds by the program bctool when unmounting an encrypted file system, it's possible to overflow a buffer within the program, overwriting variables on the stack. This could lead to execution of code as root.
A buffer overflow vulnerability exists in the implementation of the 'man' system manual pager program commonly included with Linux distributions. The vulnerability exists due to the way the program handles manual page files beginning with a '.so' statement. Under certain circumstances, the code responsible for processing this data may allow the length of the filename from a '.so' statement to be expanded, eventually causing a boundary condition error. As a result, it may be possible for local users to execute arbitrary code with group 'man' privileges.
SiteWare Editor Desktop is prone to directory traversal attacks which can lead to disclosure of arbitrary webserver-readable files on the vulnerable host. This is because the software does not filter '../' character sequences from HTTP requests.
When the LPRng daemon is initialized, it fails to drop its supplementary groups. As a result, the daemon and any child processes it spawns will maintain the supplementary groups inherited from the process that started LPRng. Processes or routines which are meant to be run with lowered privileges will run with these supplementary group privileges. Sections of program code that are susceptible to attack are often run with lowered privileges for that reason. Because the supplementary groups are not dropped, their privileges may be gained by an attacker if LPRng is vulnerable to such attacks.
Rumpus FTP Server is an FTP server implementation for MacOS which allows file-sharing across TCP/IP connections. An FTP user can engage the attack by making a directory with an unusual number of sub-folders, forcing the software to quit, as it is unable to handle the creation of so many directories at one time. The FTP server must be rebooted to regain normal functionality. A user must be logged in to carry out this attack; executing the command 'mkdir A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A' will make Rumpus quit.
When the Apache web server is used with Mac OS X Client, a mismatch arises: the standard filesystem for Mac OS X is HFS+, which is case insensitive, while Apache's filtering is case sensitive. As a result, Apache filters file requests that match its filters exactly (including case), but does not filter requests made with mixed or upper case characters. This allows unprivileged remote users to access arbitrary privileged files.
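The case mismatch in the Apache / HFS+ entry above, shown as an added example (not code from Apache or from the original advisory): a case-sensitive path filter next to one that canonicalizes the request path the way a case-insensitive filesystem resolves it. The prefix list, function names and request paths are constructed for illustration, and the folding used is an approximation of HFS+ name comparison.

```python
import posixpath
import unicodedata

# Constructed deny rules standing in for the server's path-based filters.
PROTECTED_PREFIXES = ("/private/", "/admin/")


def _canonical(path, case_insensitive_fs):
    """Reduce a URL path to the form the filesystem will actually resolve."""
    # Collapse duplicate slashes and ./ or ../ segments, keep one leading slash.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    if case_insensitive_fs:
        # HFS+ stores names in decomposed Unicode and compares them without
        # regard to case; NFD + casefold() approximates that comparison.
        norm = unicodedata.normalize("NFD", norm).casefold()
    return norm


def is_denied_naive(path):
    """Case-sensitive prefix match: the behaviour the entry describes."""
    return any(path.startswith(prefix) for prefix in PROTECTED_PREFIXES)


def is_denied(path, case_insensitive_fs=True):
    """Match on the canonical form so filter and filesystem agree on names."""
    canon = _canonical(path, case_insensitive_fs)
    for prefix in PROTECTED_PREFIXES:
        p = _canonical(prefix, case_insensitive_fs)
        # Require a segment boundary so "/privateer" is not caught by "/private".
        if canon == p or canon.startswith(p + "/"):
            return True
    return False


if __name__ == "__main__":
    # Constructed request paths, not taken from any real log.
    for req in ("/private/secret.html", "/Private/secret.html",
                "/PRIVATE/secret.html", "/public/index.html"):
        print(f"{req:25} naive={is_denied_naive(req)!s:5} "
              f"canonical={is_denied(req)}")
```

On a case-sensitive filesystem, pass `case_insensitive_fs=False` so that differently cased names, which are then distinct files, are not denied by mistake.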