A malicious user with upload permissions to the target host can cause a buffer overflow in EFTP to execute code of the attacker's choosing. The attacker can potentially use this exploit to open a bindshell on the target host. Another possible result of this exploit is a denial of service.
SpeechD, a device-independent layer for speech synthesis under Linux, is vulnerable to a local command execution flaw. This vulnerability allows a local user to pass malicious commands to the /dev/speech device, which can be executed with the privilege level of the speechd user (usually root). An attacker can exploit this vulnerability by injecting malicious commands using the echo command and redirecting the output to /dev/speech.
The msgchk utility in certain versions of Digital Unix is vulnerable to a buffer overflow. This vulnerability can be exploited by a local user by invoking the msgchk utility with a long string of bytes, triggering a buffer overflow condition. If msgchk is running with suid root privileges, this can allow an attacker to execute hostile code as root, granting them administrative access to the system.
The Source Code Browser's Program Database Name Server Daemon (pdnsd) component of the C Set ++ compiler for AIX contains a remotely exploitable buffer overflow. This vulnerability allows local or remote attackers to compromise root privileges on vulnerable systems.
An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field of an HTTP request as a path when opening its 'keylist.txt' file. If an attacker is able to create a malicious 'keylist.txt' file on a vulnerable host, it may be possible for the attacker to cause arbitrary commands to be executed by the sdbsearch.cgi script.
A vulnerability exists in Microsoft IIS 4.0 and 5.0 that could allow a user with permission to write content to the IIS server to run any code in Local System context. This exploit generates a file called ssi.shtml and requires write access to the web root of the target web server. When the file is accessed using a web browser, a SYSTEM shell appears in the Netcat session.
An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of some variables in phpBB. It is possible for users registered with the phpBB system to submit values for certain variables used internally by some scripts in the package. An attacker may be able to circumvent the loading of certain values used in the package, and thus be able to submit values of his or her choice. In the 'page_header.php' script, one such variable is evaluated using PHP's eval() command. As a result, it may be possible for a remote attacker to submit values causing the execution of arbitrary commands on the system running phpBB.
The version of xlock that ships with Solaris as part of OpenWindows contains a heap overflow in its handling of an environment variable. Local attackers may be able to execute arbitrary code with effective privileges of xlock.
A problem with the web server could allow a remote user to execute arbitrary commands, and potentially gain local access to the system. The problem is in the validation of URLs that have been encoded in hex. By encoding a URL in hex, it is possible to bypass any filtering for directory traversal, and execute arbitrary programs on the local system.
WS-FTP Server is vulnerable to malicious remote user input supplied as arguments to multiple FTP commands received from anonymously connecting clients. An attacker may supply a long sequence of characters as an argument to any of the affected commands. If the length of the argument string exceeds the size of its input buffer, the excess data will overwrite other variables on the stack and the stack frame itself. As a result, an attacker can replace the affected function's return address with a pointer to malicious shellcode, allowing arbitrary code to run with SYSTEM privileges.