Unpredictable results, including system crashes, lock-ups, reboots, and loss of network connectivity, can occur in Windows 95/98 if a NetBIOS session packet is received with the source host name set to NULL.
Sniffit is a freely available, open source network monitoring tool. It is designed for use on the Unix and Linux Operating Systems. Sniffit contains a remotely exploitable buffer overflow vulnerability. If Sniffit is configured to log emails, attackers may be able to exploit a stack overflow in the logging mechanism and execute arbitrary code as root on the underlying host.
A buffer overflow vulnerability exists in the code that handles login information in Cassandra NNTP v1.10 server. Entering a login name that consists of over 10 000 characters will cause the server to stop responding until the administrator restarts the application.
A denial of service attack exists in versions of Cisco IOS running on a variety of different router hardware. If the router is configured to run a web server for configuration and other information, a user can cause the router to crash.
Within cart32.exe, by entering any password at http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as usernames, passwords, credit card numbers, and other crucial details. Passwords appear encrypted; however, they can be used in conjunction with specific URL requests to execute arbitrary commands. In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.
A default username and password have been discovered in the Piranha virtual server and load balancing package from RedHat. Version 0.4.12 of the piranha-gui program contains a default account, piranha, with the password 'q' (no quotes). Using this username and password in conjunction with flaws in the passwd.php3 script (also part of piranha) will allow remote users to execute arbitrary commands on the machine. Request the following URL, using the above information to authenticate: http://victim.example.com/piranha/secure/passwd.php3. Next, request the following: http://victim.example.com/piranha/secure/passwd.php3?try1=g23+%3B+touch+%2Ftmp%2Fr00ted+%3B&try2=g23+%3B+touch+%2Ftmp%2Fr00ted+%3B&passwd=ACCEPT. This will touch a file in /tmp named r00ted. More complex attacks are certainly possible.
Performing a TCP SYN or TCP connect scan on a host running Symantec pcAnywhere will cause the program to crash. Restarting the application is required in order to regain normal functionality.
htimage.exe can be used to determine whether a specified path and filename exist on the target host. The specified path must be on the same logical drive as the web content. Any file can be specified as an image map in the URL. htimage.exe will then look for that path in the webroot, and then in the root of the logical drive containing the webroot. If htimage.exe finds the file, it will generate an error about the file not being a valid image map. Requesting a nonexistent file will return an error message disclosing the actual path of the web root.