Explore Vulnerabilities

Explore all Exploits:
Unchecked Buffer in Real Networks RealPlayer

An unchecked buffer exists in the 'location' field of Real Networks RealPlayer versions 6.0 and 7.0. Requesting a URL that contains a string of 300 or more characters crashes the application, which must then be restarted to regain normal functionality. Arbitrary code could potentially be executed through this vulnerability. It can be exploited remotely if such a URL is embedded in an HTML file with the 'autostart' parameter set to 'true'; in that case both RealPlayer and the browser hosting it crash and must be restarted.

Index Server Source Disclosure

Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space (%20) to the end of the filename specified in the 'CiWebHitsFile' variable, and setting 'CiHiliteType' to 'Full' and 'CiRestriction' to 'None', it is possible to retrieve the unprocessed source of the file. This is possible on any machine with Index Server installed, even those with no normal .htw files, because the virtual file null.htw is stored in memory and the .htw extension is mapped by default to webhits.dll.

Unauthorized Access to .htaccess Files

The default configuration of Cobalt Raq2 and Raq3 servers allows remote access to .htaccess files, which could lead to unauthorized retrieval of username and password information for restricted portions of a website hosted on the server. An attacker can make a regular GET request, specifying an .htaccess file, such as http://target/path/.htaccess.

TCP/IP Printing Service Denial of Service Vulnerability

A malformed print request sent to port 515 of the TCP/IP Printing Service can cause the service to stop functioning and can affect other services as well, including SimpTCP, DHCPServer, FTPSvc, LPDSvc, and BinlSvc. The service must be stopped and restarted to regain normal functionality.

ICA Protocol XOR-based Encryption Algorithm Vulnerability

The ICA protocol uses a simple XOR-based encryption algorithm to protect user credentials both when stored and in transit. This encryption is trivially broken, so anyone sniffing the connection can recover the credentials and gain the user's access to the server. The ICA protocol, developed by Citrix, is used in Citrix server products such as WinFrame and MetaFrame, possibly others, and in Citrix and third-party clients for those products.
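To make concrete why an XOR-based scheme offers no protection against a passive sniffer, here is an added example; it is not Citrix's algorithm (the page does not give the key schedule) but a hypothetical 4-byte repeating-key XOR applied to a constructed credential record. It shows two attacks: with a few bytes of known plaintext (a fixed protocol prefix such as "USER=") the whole key falls out in one XOR, and even without known plaintext each key byte can be brute-forced independently because it only touches every fourth ciphertext byte.

```python
PRINTABLE = frozenset(range(32, 127)) | {0}   # what a credential record looks like


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Encryption and decryption are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key_known_plaintext(ciphertext: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """key_len bytes of known plaintext at a known offset give the entire key:
    key[i] = ciphertext[i] ^ plaintext[i]."""
    if len(known_prefix) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix[:key_len]))


def candidate_keys_by_position(ciphertext: bytes, key_len: int) -> list:
    """No known plaintext needed: key byte i only touches every key_len-th
    ciphertext byte, so each position is attacked on its own (256 * key_len
    trials, not 256 ** key_len). A candidate survives if it turns its whole
    column into printable ASCII or NUL. Any candidate with bit 7 set is killed
    by the first printable byte, so at most 128 remain per position."""
    columns = [ciphertext[i::key_len] for i in range(key_len)]
    return [[k for k in range(256) if all((c ^ k) in PRINTABLE for c in col)]
            for col in columns]


def demo():
    key = bytes.fromhex("5a3c9e17")   # hypothetical 4-byte key, chosen for the demo
    record = b"USER=alice\x00PASS=s3cret!\x00"   # constructed credential record
    sniffed = xor_bytes(record, key)  # what a passive observer on the wire sees
    # The attacker knows the record begins with "USER=" (protocol framing is public).
    recovered = recover_key_known_plaintext(sniffed, b"USER=", len(key))
    return (recovered,
            xor_bytes(sniffed, recovered),
            candidate_keys_by_position(sniffed, len(key)))


if __name__ == "__main__":
    recovered, plaintext, candidates = demo()
    print("key:", recovered.hex(), "plaintext:", plaintext)
    print("candidates per key position without known plaintext:",
          [len(c) for c in candidates])
```

The second attack is the one that matters operationally: a sniffer does not need to know a username in advance, only that the field is text, and each captured record narrows the candidate set further.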

AnalogX SimpleServer:WWW Denial of Service

A denial of service vulnerability exists in AnalogX SimpleServer:WWW. Requesting a URL in which exactly eight characters follow the /cgi-bin/ directory (17 characters in total, counting '/cgi-bin/') causes the server to shut down.
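The three web-server entries above (the Index Server null.htw source disclosure, .htaccess retrieval on Cobalt RaQ, and the AnalogX /cgi-bin/ shutdown) all leave a recognisable request line in the server's access log. The detector below is an added example, not code from this page or from any of the vendors: it parses constructed Common Log Format lines and flags the three patterns. The sample lines are made up, and the .htaccess check is generalised to any .ht* name on the assumption that .htpasswd is as sensitive as .htaccess.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format) for the demo; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2000:10:01:02 +0000] "GET /null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full HTTP/1.0" 200 4120
10.0.0.6 - - [12/Apr/2000:10:01:09 +0000] "GET /private/.htaccess HTTP/1.0" 200 188
10.0.0.7 - - [12/Apr/2000:10:01:15 +0000] "GET /cgi-bin/AAAAAAAA HTTP/1.0" 500 0
10.0.0.8 - - [12/Apr/2000:10:01:20 +0000] "GET /index.html HTTP/1.0" 200 2048
10.0.0.9 - - [12/Apr/2000:10:01:25 +0000] "GET /search.htw?CiWebHitsFile=/page.asp&CiRestriction=none HTTP/1.0" 200 900
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Split one CLF line into fields, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def check_index_server(target):
    """Index Server: a .htw request whose CiWebHitsFile value ends in an encoded space."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".htw"):
        return None
    # parse_qs decodes %20 to a literal space, so test for a trailing space.
    for value in parse_qs(parts.query, keep_blank_values=True).get("CiWebHitsFile", []):
        if value.endswith(" "):
            return "Index Server source disclosure probe (CiWebHitsFile with trailing %20)"
    return None


def check_htaccess(target):
    """Cobalt RaQ: direct GET of an Apache control file. Generalised to any .ht*
    basename (assumption: .htpasswd is as sensitive as .htaccess)."""
    basename = urlsplit(target).path.rsplit("/", 1)[-1]
    if basename.lower().startswith(".ht"):
        return "Direct request for Apache .ht* control file"
    return None


def check_analogx(target):
    """AnalogX SimpleServer:WWW: exactly eight characters after /cgi-bin/ (17 in total)."""
    path = urlsplit(target).path
    if re.fullmatch(r"/cgi-bin/[^/?]{8}", path):
        return "AnalogX SimpleServer:WWW shutdown trigger (8 chars after /cgi-bin/)"
    return None


CHECKS = (check_index_server, check_htaccess, check_analogx)


def scan_log(text):
    """Return (client ip, request target, reason) for every line that trips a check."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for check in CHECKS:
            reason = check(rec["target"])
            if reason:
                hits.append((rec["ip"], rec["target"], reason))
    return hits


if __name__ == "__main__":
    for ip, target, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {reason}")
```

The checks work on the decoded request target rather than on raw substrings, so a %20 written as "+" or a mixed-case "/CGI-BIN/" is handled by the URL parsing rather than by a brittle regex on the log line.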

WindMail 3.0 File Retrieval

WindMail 3.0, and possibly earlier versions, can be used to retrieve any ASCII file the web server has read access to, provided the attacker knows its path and filename. If the attacker also has write access somewhere on the system and can determine the path to the writable directory, any file, ASCII or binary, can be retrieved. In command-line mode all delivery options are given on the command line as switch values, and the -n switch names a file to send as the message body; an attacker can therefore name any file the web server can read and an email address to send it to. In header-parsing mode, the file given with -n begins with a set of headers, separated from the message body by a single blank line. If an attacker can create a file on the system containing an 'Attach:' header, they can pass that file with the -n switch and wait for the file named in the 'Attach:' header to arrive by email.
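The root cause in both modes is that a caller-controlled filename reaches the -n switch. The following is an added example of how a hypothetical CGI wrapper in front of such a mailer could confine that argument; it is not WindMail's code, and the allow-list rule, the template directory and the wrapper itself are assumptions. It resolves the requested name under one directory and rejects anything that escapes it, and, for bodies the wrapper assembles itself in header-parsing mode, strips any 'Attach:' header before the file is written.

```python
import os
import re

# Hypothetical wrapper policy: message bodies come only from this allow-list
# (letters, digits, '-' and '_', .txt extension) inside one template directory.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.txt")


def resolve_message_file(template_dir: str, requested: str) -> str:
    """Return the one path that may be passed to -n, or raise.

    The vulnerable pattern is passing the request's filename straight to -n,
    which lets the caller name any readable file. This instead requires a bare
    filename, resolves it under template_dir, and refuses anything that ends up
    elsewhere (traversal, absolute paths, symlinks out of the directory)."""
    if not ALLOWED_NAME.fullmatch(requested):
        raise ValueError(f"rejected message name: {requested!r}")
    base = os.path.realpath(template_dir)
    path = os.path.realpath(os.path.join(base, requested))
    if os.path.dirname(path) != base:
        raise ValueError(f"{requested!r} resolves outside {base}")
    if not os.path.isfile(path):
        raise FileNotFoundError(path)
    return path


def strip_attach_headers(message: str) -> str:
    """For a body the wrapper assembles itself in header-parsing mode: drop any
    'Attach:' line from the header block (everything before the first blank line)
    so a header smuggled in through user input cannot attach a server-side file."""
    text = message.replace("\r\n", "\n")
    head, sep, body = text.partition("\n\n")
    if not sep:
        return text          # no header block, nothing to strip
    kept = [h for h in head.split("\n") if not h.lower().startswith("attach:")]
    return "\n".join(kept) + sep + body


if __name__ == "__main__":
    print(strip_attach_headers("To: a@example.org\nAttach: C:\\secret.dat\n\nbody"))
```

Note that the realpath check is what catches a symlink planted inside the template directory; a prefix comparison on the unresolved string would not.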

Denial of Service in Linux Kernels

A denial of service exists in Linux kernels: Unix domain sockets ignore the limit set in /proc/sys/net/core/wmem_max. By creating Unix domain sockets in succession, it is possible to cause a denial of service in some versions of the Linux kernel. Versions 2.2.12, 2.2.14, and 2.3.99-pre2 have been confirmed vulnerable; earlier kernel versions are most likely vulnerable as well.
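A quick way to see whether the running kernel honours the limit is to ask for a send buffer far above wmem_max on an AF_UNIX socket and read back what was granted. The check below is an added example, not from the page or from any kernel source. It assumes the behaviour of current Linux kernels, which clamp the requested value to wmem_max and then store twice that to account for buffer overhead, so a kernel that enforces the limit reports at most 2*wmem_max; anything larger means the limit was ignored, which is the condition the entry describes.

```python
import socket

WMEM_MAX_PATH = "/proc/sys/net/core/wmem_max"


def read_wmem_max():
    """Current wmem_max, or None when /proc is not available (non-Linux, sandbox)."""
    try:
        with open(WMEM_MAX_PATH) as f:
            return int(f.read().strip())
    except OSError:
        return None


def check_unix_sndbuf_clamp(wmem_max=None):
    """Request 4*wmem_max of send buffer on an AF_UNIX socket and compare with
    what the kernel actually grants. Returns a dict; 'honored' is True when the
    effective size is at most 2*wmem_max (the clamped value, doubled by the
    kernel), False when the limit was ignored, None if the probe could not run."""
    if wmem_max is None:
        wmem_max = read_wmem_max()
    result = {"wmem_max": wmem_max, "requested": None, "effective": None, "honored": None}
    if wmem_max is None:
        return result
    requested = 4 * wmem_max
    result["requested"] = requested
    try:
        a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    except OSError:
        return result
    try:
        a.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, requested)
        effective = a.getsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF)
    except OSError:
        return result
    finally:
        a.close()
        b.close()
    result["effective"] = effective
    result["honored"] = effective <= 2 * wmem_max
    return result


if __name__ == "__main__":
    r = check_unix_sndbuf_clamp()
    print(f"wmem_max={r['wmem_max']} requested={r['requested']} "
          f"effective={r['effective']} limit honoured={r['honored']}")
```

Run as an unprivileged user; no root is needed to set SO_SNDBUF up to the limit, which is exactly why an ignored limit is a local denial of service.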

Denial of Service Attack on DG/UX inetd

A denial of service (DoS) attack is possible against the default inetd distributed with Data General's DG/UX operating system. A scan using nmap's OS detection option (-O) puts the inetd daemon into a state in which it no longer spawns new services until it is restarted.
