The web messaging server in IMail is vulnerable to a buffer overflow when it receives a request for HTTP version 1.0 that is 96 bytes or greater. This could allow an attacker to execute malicious instructions and potentially gain local access.
A vulnerability in the SQL Server Resolution Service allows a remote attacker to execute arbitrary code on a vulnerable host. The attacker could exploit a heap-based buffer overflow in the resolution service by sending a maliciously crafted UDP packet to port 1434.
The SecureCRT client is prone to a buffer-overflow condition when attempting to handle an overly long SSH1 protocol identifier string. An attacker can exploit this issue via a malicious server. Exploiting this issue may allow an attacker to execute arbitrary code or cause the client to crash.
MailMax is vulnerable to buffer overflow attacks against its POP3 daemon, popmax. The vulnerability occurs due to improper bounds checking of the 'USER' argument. An attacker can cause a buffer overflow condition by submitting an overly large value for the 'USER' argument, causing popmax to crash and execute attacker-supplied code.
MERCUR Mailserver is prone to a remotely exploitable buffer overflow condition. The condition is due to insufficient bounds checking in the Control-Service component, which listens on TCP port 32000 by default. It is possible to corrupt process memory by supplying an overly long username/password. Attackers may exploit this condition to execute arbitrary instructions with the privileges of the mailserver.
This exploit allows an attacker to inject SQL queries through the 'idsite' parameter in the view_com.php file of the PHPMyRing web application. By manipulating the 'idsite' parameter, an attacker can extract the admin login and plain text password from the database.
The Betsie (BBC Education Text to Speech Internet Enhancer) application is prone to a cross-site scripting vulnerability. This vulnerability exists in the 'parserl.pl' script. Attackers can exploit this vulnerability by providing a malicious link to a website that is running the vulnerable software. If a user visits the malicious link, it can cause arbitrary script code to be executed in their web browser.
A boundary condition error in the efstool program allows a user to supply a long commandline argument, resulting in a buffer overflow. This can be exploited to overwrite stack memory and execute attacker-supplied code.
Microsoft SQL Server is prone to a remotely exploitable unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with MS Jet Engine. This issue may be exploited to execute attacker-supplied instructions with the privileges of the SQL Server process. This issue requires that the attacker can pass malicious data to the OpenDataSource function and may be exploitable remotely via SQL injection vulnerabilities in web-based software. Due to this being an issue in the MS Jet Engine component itself, other products which rely on Jet Engine may also be affected by this vulnerability.
The IRCIT client is vulnerable to a remote buffer overflow vulnerability. When an INVITE message is received, the supplied from user data is copied into a fixed buffer of length MAXHOSTLEN. A maliciously formatted message can overflow this buffer and execute arbitrary code.
Services By CQR