Cisco VPN 3000 series concentrators are prone to a denial of service condition when receiving an overly long username string during authentication from a VPN client.Successful exploitation will cause the device to reload.
A flaw in Microsoft Internet Explorer may reveal the entire contents of XML files and partial contents of other files to attackers. This vulnerability allows an attacker to read the entire contents of XML files, and fragments of other files, existing in a known location, from a victim user's system. This vulnerability can be exploited via a malicious webpage or via malicious HTML e-mail. Other applications that use the Internet Explorer engine are affected as well (Outlook, MSN Explorer, etc.).
The vulnerability allows an attacker to include arbitrary files from the server. By manipulating the 'wb_class_dir' parameter, an attacker can include a shell script and execute arbitrary commands on the server.
JPEGsnoop is a detailed JPEG image decoder and analysis tool. It reports all image metadata and can even help identify if an image has been edited.
The exploit allows an attacker to execute arbitrary code on a remote system by exploiting a SEH overflow vulnerability in NCMedia Sound Editor Pro v7.5.1. By placing a specially crafted .dat file in the correct directory and opening it within the application, an attacker can trigger the vulnerability and gain control of the system. This exploit is based on a semi-universal ROP chain that utilizes the MSVCR70.dll library included with the software.
The Inso DynaWeb webserver dwhttpd is prone to a remotely exploitable format-string vulnerability that occurs when logging requests for files that do not exist. Exploits may allow attacker-supplied code supplied to run with the privileges of the dwhttpd. Note that a vulnerability described in Bugtraq ID 5583 allows for unauthenticated remote attackers to view the logfile. Attackers may exploit that vulnerability to more easily exploit this issue successfully and automatically.
A buffer-overflow vulnerability has been reported in some versions of OpenSSL. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. A malicious client may be able to exploit this vulnerability to execute arbitrary code as the vulnerable server process or possibly to create a denial-of-service condition.
Some versions of Fake Identd fail to properly handle long client requests, causing an internal buffer to overflow. This can lead to execution of arbitrary code as the Fake Identd server process.
The Gender Mod for phpBB2 allows a remote user to manipulate the SQL statement used to update their user profile, potentially gaining administrative access to the system.
A buffer overflow vulnerability exists in the TFTP server file name handling of Cisco IOS and MGX switches. Insufficient bounds checking on requested file names allows an attacker to send a request for a file name of 700 or more bytes, causing a denial of service and potential code execution. On Cisco IOS, the router crashes and reboots, while on Cisco MGX switches, the TFTP service fails but the device continues to function.
Services By CQR