A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is 'checkout'ed and it is sent back to the server and executed with committing. A malicious committer can modify or create Checkin.prog and execute the recently committed binary file via Checkin.prog triggered by the 'cvs commit'.
The cvs client blindly trust paths returned to it by the server. Therefore, a cvs client could be tricked into creating a file anywhere on the system by a malicious server.
An attacker can send the NetBIOS name service a NetBIOS Name Conflict message even when the receiving machine is not in the process of registering its NetBIOS name. The target will then not attempt to use that name in any future netwrok connection attempts. This can lead to intermittent connectivity problems, or the loss of all NetBIOS functionality.
There is a vulnerability in the Linux pam_console module that could allow an attacker to remotely reboot the workstation or perform other actions limited to local users. If a workstation is configured to use a display manager (xdm, gdm, kdm, etc.) AND has XDMCP enabled, it is possible for a user who logs in remotely to use Xnest -query to log in on display :1, which is recognized as the system console. This vulnerability is only present if the workstation is running a graphical login manager such as gdm or kdm.
A directory traversal vulnerability exists in SimpleServer 1.06 and possibly earlier versions. By requesting a specially formed URL containing encoding (%2E) to the server, a remote user can gain read access to known files above the SimpleServer directory.
If a request containing the null character (%00) is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages.
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash. If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed. If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash. If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed. If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash. If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed. If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.
AnalogX Proxy is a simple proxy server that allows a user to connect a network of computers to the internet through the proxy gateway. Many of the services provided contain buffer overrun vulnerabilities that can allow an attacker to crash the proxy server remotely. The FTP, SMTP, POP3 and SOCKS services are vulnerable to a denial of service attack by sending especially long arguments to certain commands.
Services By CQR