A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability could lead to the corruption of the stack, and possibly to execution of arbitrary code as the root user.
Black JumboDog 2.6.4 and 2.6.5 HTTP proxy is vulnerable to a buffer overflow. The buffer overflow can be exploited by sending excessively long "expires", "if-modified-since", and "Last_Modified" strings containing executable code. A client must be able to use the Black JumboDog HTTP proxy function. Black JumboDog also has mail proxy functions and this buffer overflow can be exploited with HTML mail.
Under certain conditions, an application launched by a regular user on an OpenBSD system can cause a system crash. This occurs when the application attempts to pipe a NULL value, triggering a kernel fault and crashing the system. A malicious local user can exploit this vulnerability to deny service to legitimate users of the system.
The pmake program, specifically the Makefile executed by pmake, allows the user to set certain user-defined variables. One such variable is the .SHELL variable, where a format string can be supplied in the check= field. By exploiting this vulnerability, an attacker can write to an arbitrary memory address of the program, potentially overwriting the return address and executing arbitrary code with root privileges.
ActivePerl contains a remotely exploitable buffer overflow vulnerability in handling of the URL string. It is due to an unbounded string copy operation. This vulnerability allows remote attackers to gain access to the target server.
The Persistent XSS vulnerability allows an attacker to inject malicious code into the Description field, which will be executed when anyone visits the site. The Remote Change Admin Password vulnerability allows an attacker to change the admin password by submitting a form with the desired new password.
This module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote.
Rwhoisd is a publicly available RWHOIS server daemon for Unix based systems developed and maintained by Network Solutions Inc. It contains a remotely exploitable format string vulnerability. Attackers can execute arbitrary code on affected hosts by supplying malicious format specifiers as the argument to the '-soa' directive.
A buffer overflow condition can be triggered in Oracle 9iAS Web Cache 2.0.0.1.0 by submitting a malicious URL. This overflow can lead to either the process exiting, the process hanging, or the injection of malicious code. This occurs on all four services provided by Web Cache.
Malicious users could send specifically crafted HTTP request to an Internet Information Services server running Index Server to reveal path information, file attributes, and possibly some lines of the file contents.
Services By CQR