Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user-supplied data.
The Avirt Mail Server 3.3a and 3.5 packages are vulnerable to a remote buffer overflow. The buffer overflow can be initiated by passing 856 characters in the password field.
A specially crafted packet can cause a denial of service on an NT 4.0 host, rendering local administration and network communication nearly unusable. This attack will crash the 'services' executable, which in turn disables the ability for the machine to perform actions via named pipes. As a consequence, users will be unable to remotely log on, log off, manage the registry, create new file share connections, or perform remote administration. Services such as Internet Information Server may also fail to operate as expected. Rebooting the affected machine will resolve the issue, provided it is not attacked again. The problem lies within the manner that srvsvc.dll makes calls to services.exe. Certain MSRPC calls will return NULL values which are not correctly interpreted by services.exe. This, in turn, may lead to a crash of services.exe. If this denial of service is combined with a number of other exploits, it may be possible to have this attack spawn a debugger (i.e., Dr Watson) call on the host, which, if trojaned, may execute malicious code on the target host.
The URL Live! free webserver from Pacific software is susceptible to the "../" directory traversal vulnerability. By using the '../' string in a URL, an attacker can gain read access to files outside the intended web file structure.
The Internet Anywhere Mail Server has weaknesses that allow an attacker to remotely crash the server. Sending abnormally long arguments with certain POP3 and SMTP commands will cause the server to crash. These vulnerabilities have been exploited as denial-of-service attacks but could potentially be used for remote shell exploits.
Certain versions of AnyForm CGI did not perform sanity checking on user-supplied data and could be exploited by remote intruders to execute arbitrary commands. The commands were issued as the UID which the web server runs as, typically 'nobody'. The exploit involves creating a form with a hidden field and submitting it to the AnyForm CGI on the server.
Certain versions of Ascend (Lucent) router software listen on port 9 (UDP Discard). An attacker can send a specially formatted packet to UDP port 9 that will cause MAX and Pipeline routers running certain software versions to crash.
Certain versions of Ascend (Lucent) router software listen on port 9 (UDP Discard). An attacker can send a specially constructed UDP packet to port 9 that will cause the routers to crash.
The PHP/FI package, specifically versions shipped with mylog.html and mlog.html, is vulnerable to insecure file inclusion. The issue arises from the lack of escaping slashes in the include statement, allowing an attacker to specify any file on the system and view its contents. By manipulating the 'screen' parameter in the URL, an attacker can access files accessible to the http daemon user id.
The phpMyBackupPro application is vulnerable to Local File Inclusion. The vulnerability exists in the definitions.php file, where user-supplied input is not properly validated before being used in a file include function. An attacker can exploit this vulnerability to include arbitrary files from the server, leading to remote code execution.