Fortech Proxy+ is vulnerable to unauthorized remote administration. By default, the telnet gateway is open and any user can connect to http://target:4400/admin to remotely administer the system without any authorization.
Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true: (IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH. According to the Axent Security team, this is not a fragmented packet issue as reported in RFP2K05 by Rain Forest Puppy.
BeOS is vulnerable to a remote TCP fragmentation attack that will crash the target system, requiring a reboot. This attack can be executed using the tcpsic tool, which sends a series of fragmented packets to the target system.
The Microsoft Active Movie Control (a multimedia ActiveX control) will download files of any type specified in the control parameters in an HTML document, regardless of whether or not they are a valid media type. A hostile website, HTML email or HTML newsgroup post could therefore write executables and other potentially harmful content to target machines, which will be stored with their known filenames in the default Windows Temp directory.
Several buffer overflow vulnerabilities exist in the Kerberos 4 compatibility code of Kerberos 5 implementations. Affected implementations include MIT Kerberos 5 releases 1.0.x, 1.1 and 1.1.1, MIT Kerberos 4 patch level 10 (and, most likely, prior releases), and Cygnus KerbNet and Network Security (CNS). The main source of problems is a buffer overflow in the krb_rd_req() library function. This function is used by every application that supports Kerberos 4 authentication, including, but not limited to, krshd, klogin, telnetd, ftpd, rkinitd, v4rcp and kpopd. Therefore, it is possible for a remote attacker to exploit this vulnerability and gain root access on affected machines, or obtain root level access once local.
A buffer overflow vulnerability exists in the router's HTTP interface, which allows an attacker to send a large username or password to the router, causing it to restart. A simple script or program could be written to keep the router down indefinitely.
ICECap Manager is a management console for BlackICE IDS Agents and Sentries. By default, ICECap Manager listens on port 8081, transmits alert messages to another server on port 8082, and has an administrative username of 'iceman' with a blank password. A remote user could log in to ICECap Manager through port 8081 (using the default username and password if they have not been modified) and send out false alerts. In addition, the evaluation version of ICECap Manager has the option of utilizing Microsoft Access' JET Engine 3.5. This creates a security hazard because JET Engine 3.5 is vulnerable to remote execution of Visual Basic for Applications code. Therefore, remote users may execute arbitrary commands on ICECap Manager through the use of the default username and password and JET Engine 3.5.
Matt Kruse's Calendar script is a popular, free Perl CGI script used by many websites on the Internet. It allows a website administrator to easily set up and customize a calendar on their website. There are two components of this package, calendar-admin.pl and calendar.pl. Calendar-admin.pl calls open() with user input in the command string but does not parse the input for metacharacters. It is therefore possible to execute arbitrary commands on the target host by passing '|shell command|' as one value of the 'configuration file' field. The shell that is spawned with the open() call will then execute those commands with the uid of the webserver.
Opening approximately 98 connections on port 23 will cause Cisco 760 Series Routers to reboot themselves. Continuously repeating this action will result in a denial of service.
Certain versions of @Stake Inc.'s AntiSniff software contain a remotely exploitable buffer overflow. AntiSniff is a program that was released by L0pht Heavy Industries in July of 1999. It attempts, through a number of tests, to determine if a machine on a local network segment is listening to traffic that is not directed to it (commonly referred to as sniffing). During one particular test, there is a problem if a packet that does not adhere to DNS specifications is sent to the AntiSniff machine. This can result in a buffer overflow on the system running AntiSniff. If the packet is crafted appropriately, this overflow can be exploited to execute arbitrary code on the system.