This exploit takes advantage of a vulnerability in PHP's sscanf() function. By supplying a format string that uses argument swapping together with extra arguments, an attacker can overwrite memory and execute arbitrary code. The technique is to fill PHP's internal memory cache with the address of a pointer into a writable segment, unset a variable so that its memory is freed but not zeroed, and then pass attacker-controlled pointers to sscanf(). Constructing a binary zval structure that carries the shellcode lets the sscanf() call succeed and the shellcode run.
The slurp NNTP client passes text received from the server to syslog() as the format argument. A malicious NNTP server can therefore supply its own format directives; with the %n directive this becomes a write to an arbitrary address in the client's memory.
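The two ways of handing server text to a printf-family function, as an added illustration (this is not slurp's code; the function names are mine, and a small variadic wrapper around vsnprintf() stands in for syslog() so the output can be inspected). It also includes a scanner that counts the directives a server-supplied line would trigger if it were ever used as a format, and a demonstration of what %n does when a pointer is supplied, which is the mechanism the write relies on:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Shared output buffer so the two logging variants can be compared directly. */
static char logbuf[128];

/* Stand-in for syslog(): variadic, formats into logbuf. */
static void emit(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(logbuf, sizeof logbuf, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the server-supplied line IS the format string, so any
 * %x, %s or %n in it is interpreted by the printf machinery. */
const char *log_reply_vulnerable(const char *server_line)
{
    emit(server_line);
    return logbuf;
}

/* Fixed pattern: a literal format, with the server's text as a plain argument. */
const char *log_reply_fixed(const char *server_line)
{
    emit("%s", server_line);
    return logbuf;
}

/* Walk a string as printf would: count conversion directives ("%%" is a
 * literal percent sign, not a directive) and note whether any one is %n. */
static int scan_format(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* "%%": literal, skip both characters */
            p++;
            continue;
        }
        const char *q = p + 1;      /* skip flags, width, precision, length */
        while (*q && strchr("-+ #0123456789.hlLqjzt$*", *q))
            q++;
        if (*q == '\0')             /* dangling '%' at end of string */
            break;
        if (*q == 'n')
            *has_n = 1;
        count++;
        p = q;
    }
    return count;
}

/* Number of directives an attacker-controlled string would trigger as a format. */
int count_format_directives(const char *s)
{
    int has_n;
    return scan_format(s, &has_n);
}

/* 1 if the string contains a %n directive, i.e. a store to memory. */
int format_has_write_directive(const char *s)
{
    int has_n;
    scan_format(s, &has_n);
    return has_n;
}

/* What %n does when the caller supplies a pointer: it stores the number of
 * bytes emitted so far. In the vulnerable call no pointer is supplied, so the
 * store goes through whatever the next variadic slot happens to hold, which
 * is what an attacker lines up on the stack. */
int demo_n_directive(void)
{
    char buf[32];
    int written = -1;
    snprintf(buf, sizeof buf, "AAAAAAAA%n", &written);   /* 8 bytes precede %n */
    return written;
}
```

With the input "100%% done" the vulnerable variant produces "100% done" (the text was interpreted) while the fixed one logs the line verbatim; the scanner is the check to run over any string that reaches a logging call from the network.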
The vulnerability is in the component that parses gopher replies. A malicious gopher server can send a reply that overflows a buffer in the parser and runs arbitrary code on the user's system.
OpenBB is vulnerable to HTML injection in the step that replaces BBCode tags with HTML. An attacker can inject arbitrary HTML into forum messages, which leads to cross-site scripting (XSS) against other users and the potential theft of cookie-based authentication credentials.
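The ordering mistake behind this class of bug, as an added example (not OpenBB's code, which is PHP; the names, the single [b] tag and the rendering functions are mine). The vulnerable renderer converts BBCode and leaves poster-supplied HTML untouched; the fixed one escapes the message first so that the only markup reaching the browser is what the converter itself emits:

```c
#include <stdio.h>
#include <string.h>

#define OUT_CAP 1024

/* Append src to the NUL-terminated string in dst; 0 on success, -1 if it would not fit. */
static int append(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst), n = strlen(src);
    if (used + n + 1 > cap)
        return -1;
    memcpy(dst + used, src, n + 1);
    return 0;
}

/* Escape the characters that are significant to an HTML parser. */
int html_escape(const char *in, char *out, size_t cap)
{
    out[0] = '\0';
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (append(out, cap, rep) < 0)
            return -1;
    }
    return 0;
}

/* Replace the [b]...[/b] BBCode pair with <b>...</b>; everything else is copied through.
 * A real forum handles many more tags, but the ordering issue is the same for all of them. */
int bbcode_to_html(const char *in, char *out, size_t cap)
{
    out[0] = '\0';
    while (*in) {
        const char *rep;
        size_t skip;
        char one[2] = { *in, '\0' };
        if (strncmp(in, "[b]", 3) == 0)       { rep = "<b>";  skip = 3; }
        else if (strncmp(in, "[/b]", 4) == 0) { rep = "</b>"; skip = 4; }
        else                                  { rep = one;    skip = 1; }
        if (append(out, cap, rep) < 0)
            return -1;
        in += skip;
    }
    return 0;
}

/* Vulnerable rendering: BBCode is converted, but HTML the poster typed is left as-is. */
const char *render_vulnerable(const char *msg)
{
    static char out[OUT_CAP];
    return bbcode_to_html(msg, out, sizeof out) == 0 ? out : NULL;
}

/* Fixed rendering: escape first, so poster-supplied HTML is inert text, then convert
 * BBCode, so the only tags in the output are the ones the converter produced. */
const char *render_fixed(const char *msg)
{
    static char escaped[OUT_CAP], out[OUT_CAP];
    if (html_escape(msg, escaped, sizeof escaped) < 0)
        return NULL;
    return bbcode_to_html(escaped, out, sizeof out) == 0 ? out : NULL;
}
```

Escaping must happen before BBCode expansion, never after: escaping the converter's output would neutralise the [b] tag along with the attacker's script.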
CMailServer does not perform proper bounds checking on the argument of the USER command, leaving it vulnerable to a buffer overflow through which a remote attacker can execute arbitrary code on the system. The accompanying exploit either crashes the service (denial of service) or opens a bind shell on TCP port 61200; it has been tested on Windows 2000 SP3 English.
CMailServer does not perform proper bounds checking on the argument of the USER command, leaving it vulnerable to a buffer overflow through which a remote attacker can execute arbitrary code on the vulnerable system. The issue has been reported in CMailServer 3.30; other versions may also be affected. The accompanying exploit code demonstrates arbitrary code execution on a Windows 2000 system.
The DSNManager script in Hosting Controller does not properly filter dot-dot-slash (../) sequences from its URL parameters, allowing directory traversal. An attacker can disclose the contents of arbitrary web-readable files or potentially create a Data Source Name (DSN) in an arbitrary directory.
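Why "filtering" dot-dot-slash is the wrong fix, as an added example (not Hosting Controller's code, which is ASP; the root directory "/var/www/dsn", the function names and the sample requests are constructed). A single-pass filter that deletes "../" is bypassed by "....//", which collapses to "../" after one deletion. The check that holds decodes the parameter, then resolves it segment by segment under the configured root and refuses any ".." that would climb above it:

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_SEGS 64

static char out_buf[512];

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode %XX escapes the way a web server does before the parameter reaches the script. */
static void url_decode(const char *in, char *out, size_t cap)
{
    size_t o = 0;
    while (*in && o + 1 < cap) {
        if (in[0] == '%' && hexval(in[1]) >= 0 && hexval(in[2]) >= 0) {
            out[o++] = (char)(hexval(in[1]) * 16 + hexval(in[2]));
            in += 3;
        } else {
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
}

/* The weak filter: delete every "../" in a single left-to-right pass. */
const char *strip_dotdot_once(const char *in)
{
    size_t o = 0;
    while (*in && o + 1 < sizeof out_buf) {
        if (strncmp(in, "../", 3) == 0) {
            in += 3;
            continue;
        }
        out_buf[o++] = *in++;
    }
    out_buf[o] = '\0';
    return out_buf;
}

/* The check that holds: decode, then resolve the path segment by segment under root.
 * Returns the resolved path, or NULL if the request escapes root or is too long.
 * Symlinks inside root are a separate concern: run realpath() on the result as well. */
const char *path_under_root(const char *root, const char *user_path)
{
    char decoded[256];
    const char *segs[MAX_SEGS];
    size_t lens[MAX_SEGS];
    int depth = 0;

    url_decode(user_path, decoded, sizeof decoded);
    for (const char *p = decoded; *p; ) {
        while (*p == '/') p++;                    /* collapse repeated slashes */
        if (*p == '\0') break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - start);
        if (len == 1 && start[0] == '.')
            continue;                             /* "." is a no-op */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return NULL;          /* ".." above root: refuse */
            depth--;
            continue;
        }
        if (depth == MAX_SEGS) return NULL;
        segs[depth] = start;
        lens[depth] = len;
        depth++;
    }

    int o = snprintf(out_buf, sizeof out_buf, "%s", root);
    if (o < 0 || o >= (int)sizeof out_buf) return NULL;
    for (int i = 0; i < depth; i++) {
        int n = snprintf(out_buf + o, sizeof out_buf - o, "/%.*s", (int)lens[i], segs[i]);
        if (n < 0 || n >= (int)(sizeof out_buf - o)) return NULL;
        o += n;
    }
    return out_buf;
}
```

Note that "....//etc/passwd" resolves harmlessly to a directory literally named "...." under the root: the resolver never needs to recognise bypass spellings, because it reasons about where the path ends up rather than about which substrings it contains.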
Some versions of the Opera browser allow an attacker to bypass the same-origin policy. By modifying the location property of an IFRAME or FRAME embedded in the document, the attacker can execute script in the context of the site the frame previously displayed, which can lead to information disclosure or unauthorized actions on that site.
The 3CDaemon FTP server has a stack-based buffer overflow: sending an unusually large amount of data triggers the overflow and lets a malicious user execute arbitrary code on the server. Sending random data can also simply crash the application.
The braille module of screen performs insufficient bounds checking. A local user can pass overly long strings to the screen program, overflowing a buffer and overwriting process memory, which could result in the execution of arbitrary code.
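The gopher-reply parser, the CMailServer USER command, the 3CDaemon FTP server and the screen braille module entries above all describe the same defect: an externally supplied field copied into a fixed-size buffer with no length check. Added example, not code from any of those programs: the FTP USER command is used as the concrete case, and the session struct, its layout and the function names are assumptions of mine. The unbounded handler is the vulnerable shape; the bounded one measures the argument, refuses it when it does not fit, and copies exactly that many bytes:

```c
#include <stdio.h>
#include <string.h>

#define USER_MAX 64

/* Constructed session state; the real servers' layouts are not on the page. */
struct session {
    char user[USER_MAX];
    int  authenticated;
};

/* Vulnerable pattern: the command argument is copied into a fixed buffer with no bound.
 * An argument longer than 63 bytes runs past s->user into whatever follows it: the next
 * field here, or saved registers and the return address when the buffer is on the stack.
 * That is the crash, or the code execution, the advisories describe. */
int handle_user_unbounded(struct session *s, const char *line)
{
    if (strncmp(line, "USER ", 5) != 0)
        return -1;
    strcpy(s->user, line + 5);
    return 0;
}

/* Hardened pattern: measure the argument first, refuse it if it does not fit, and copy
 * exactly that many bytes. Refusing is preferable to silent truncation, which can turn
 * one account name into another. */
int handle_user_bounded(struct session *s, const char *line)
{
    if (strncmp(line, "USER ", 5) != 0)
        return -1;
    const char *arg = line + 5;
    size_t len = strcspn(arg, "\r\n");     /* the argument ends at CRLF */
    if (len == 0)
        return -2;
    if (len >= USER_MAX)
        return -3;
    memcpy(s->user, arg, len);
    s->user[len] = '\0';
    return 0;
}

/* Build the kind of oversized USER line a fuzzer or exploit sends (constructed input). */
size_t build_long_user_line(char *buf, size_t cap, size_t payload_len)
{
    if (cap < 5 + payload_len + 3)
        return 0;
    memcpy(buf, "USER ", 5);
    memset(buf + 5, 'A', payload_len);
    memcpy(buf + 5 + payload_len, "\r\n", 3);   /* includes the terminating NUL */
    return 5 + payload_len + 2;
}

/* Feed a payload_len-byte argument to the hardened handler; 1 if it was refused with
 * the session left untouched, 0 otherwise. The unbounded handler is deliberately not
 * called here: with this input it corrupts memory. */
int bounded_rejects_oversized(size_t payload_len)
{
    char line[2048];
    struct session s;
    memset(&s, 0, sizeof s);
    strcpy(s.user, "anonymous");
    if (build_long_user_line(line, sizeof line, payload_len) == 0)
        return 0;
    int rc = handle_user_bounded(&s, line);
    return rc == -3 && strcmp(s.user, "anonymous") == 0 && s.authenticated == 0;
}

/* What each handler leaves in s->user for a short, well-formed line. */
const char *user_after_unbounded(const char *line)
{
    static struct session s;
    memset(&s, 0, sizeof s);
    return handle_user_unbounded(&s, line) == 0 ? s.user : NULL;
}

const char *user_after_bounded(const char *line)
{
    static struct session s;
    memset(&s, 0, sizeof s);
    return handle_user_bounded(&s, line) == 0 ? s.user : NULL;
}
```

Even on short input the unbounded handler shows its sloppiness, keeping the trailing CRLF in the user name; the bounded handler accepts a 63-byte argument and refuses a 64-byte one, which is the boundary a fuzzer should be aimed at.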