Light httpd is prone to a remotely exploitable buffer overflow condition. This overflow can be triggered by sending the server an excessively long GET request. As Light httpd drops user privileges when running, exploitation of this issue may result in the execution of arbitrary attacker-supplied commands with the privileges of the 'nobody' user.
The Visual Tools DVR systems have multiple vulnerabilities that allow an unauthorized user to access the DVR web interface and gain a root shell on the system. The vulnerabilities include administration password disclosure, default administration password, and log files disclosure. The vulnerabilities can be exploited during the first ten minutes after system boot.
This exploit targets a vulnerability in Huawei Technologies' Internet Mobile software. It is a Unicode SEH based vulnerability that allows for local exploitation. The exploit has been tested on Windows XP SP1 and may not work on other versions of Windows due to SafeSEH enabled.
By passing an excessively long commandline argument to Abuse, it is possible to overrun a buffer. Exploiting this issue could allow a local attacker to overwrite sensitive memory variables, resulting in the execution of arbitrary code, within the context of the Abuse process.
The SolarWinds TFTP Server does not properly handle user-supplied input. Due to insufficient handling of user input, it is possible for a remote user to request arbitrary files from the vulnerable server. It would be possible for a remote user to download any files readable through the permissions of the TFTP Server user.
The Microsoft Windows RPC service contains a flaw that may allow a remote attacker to cause a denial of service. By sending a specifically malformed packet to TCP port 135, the RPC service will be disabled.
This script causes 100% CPU usage on Windows XP SP2, and the CPU will keep running at 100% until you close explorer.exe.
Microsoft Outlook Express contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Execution of arbitrary code in the security context of the current user is possible.
PowerFTP server does not properly handle long user names. When excessive data is supplied as an argument to the FTP 'USER' command, the server becomes unstable. Exploitation of this vulnerability typically results in a crash of the server, requiring a manual restart to resume FTP service.
This exploit allows an attacker to execute arbitrary code in VLC Player version 2.0.3 or earlier. By crafting a malicious PNG file, an attacker can trigger a buffer overflow vulnerability in the VLC Player, leading to the execution of arbitrary code.
Services By CQR