The ZBServer Pro 1.5 has an unchecked buffer vulnerability in the code that handles GET requests. This vulnerability allows for the execution of arbitrary code.
This exploit crashes a RealMedia 5.0 server by sending a very long ramgen request. It sends a GET request with a payload of 4082+ bytes, causing the server to crash. Regular functionality can be restored by restarting the RealServer software.
IMail keeps the encrypted passwords for email accounts in a weak encryption scheme. The scheme involves converting each letter of the account name and password to their ASCII equivalent, applying offsets and differences, and looking up the new ASCII values in a table to obtain the encrypted password.
i20dialogd daemon in UnixWare operating system is vulnerable to a buffer overflow attack. The authentication mechanism of the daemon does not perform bounds checking on the username/password buffers, allowing an attacker to overflow the buffer and execute arbitrary code. Exploit code needs to be base64 encoded before being sent to the server.
This exploit allows an attacker to perform a remote SQL injection attack on a website using the dzcp 1.34 software. The attacker can retrieve the password of a user by providing the website URL, user credentials, and user ID as parameters.
The vulnerability in Unixware's implementation of privileges allows regular users to attach a debugger to a running privileged program and take over its privileges. By finding a program listed in the /etc/security/tcb/privs file with the desired privileges and executable by the user, a malicious user can exploit the vulnerability and gain elevated privileges.
It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in /etc/security/tcb/privs give them the ability read /etc/shadow. When the oversized buffer data is passed to the programs as argv[1], the stack will be corrupted and it is possible to spawn a program which would "cat" /etc/shadow with the dacread privs.
The Seyon program in FreeBSD 3.3-RELEASE has a vulnerability that allows a local user to elevate their privileges. The program is installed setgid dialer, allowing a malicious user to access communications devices and other resources accessible by the dialer group.
This exploit targets the Geeklog version 1.4.0sr3. The vulnerability allows an attacker to execute remote commands. The exploit takes advantage of the fckeditor feature, which is enabled by default and not protected. By uploading multiple extension files, an attacker can execute arbitrary shell commands on the target server.
If Microsoft SQL Server 7.0 receives a TDS header with three or more NULL bytes as data, it will crash. The crash will generate an event in the log with ID 17055 'fatal exception EXCEPTION_ACCESS VIOLATION'. The provided code is a DoS attack against MS SQL Server.
Services By CQR
