A remote user can view any file on the system by exploiting a vulnerability in PSCOErrPage.htm in Netscape PublishingXpert. This can lead to an information gathering attack and potential local access to the system.
The vulnerability exists in /lib/tree/layersmenue.inc.php in MyNewsGroups :) v. 0.6b, where the $myng_root variable is not properly sanitized before being used. This allows an attacker to include and execute remote files.
A specially crafted request via 'fp30reg.dll' could allow a user to execute arbitrary commands in the context of IWAM_machinename on a host running IIS 5.0. A host running IIS 4.0 could allow the execution of arbitrary commands in the SYSTEM context.
This exploit allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted S3M or IT file.
A maliciously crafted request could allow arbitrary code to run on the host in the Local System context. This vulnerability is currently being exploited by the 'Code Red' worm.
A buffer overflow vulnerability exists in the 'idq.dll' ISAPI extension of Windows Index Server and Indexing Service. A remote attacker could exploit this vulnerability by sending a maliciously crafted request, allowing arbitrary code execution in the Local System context. This vulnerability is currently being exploited by the 'Code Red' worm.
A buffer overflow vulnerability exists in rxvt. The error occurs when certain command line options with long arguments are passed to rxvt. Because rxvt is installed setgid 'utmp' by some system configurations, it may be possible for local users to execute arbitrary code/commands with these privileges.
The Winlog Lite SCADA HMI system is vulnerable to a SEH overwrite exploit. By injecting data into the Application Name field and selecting the Build option in the Tools menu, an attacker can execute arbitrary code. The exploit involves a buffer overflow of 9986 bytes, a pointer to the next SEH record, a SE handler, a non-SafeSEH address for bypassing SafeSEH protection, a NOP instruction, a jump to the ESP register, and a shellcode.
cgiCentral's Webstore application is vulnerable to arbitrary command execution. The vulnerability exists in the Ws_mail.cgi script, which calls system() with user-supplied data without proper input validation. An attacker with administrative privileges can exploit this vulnerability to execute arbitrary commands on the webserver host. Remote attackers who can authenticate as administrators may also be able to exploit this vulnerability to gain access to the host.
A vulnerability exists in Webstore which may allow attackers to obtain administrative privileges. The vulnerability is due to a failure to filter NULL bytes and occurs during the authentication process. In combination with BID 2861, an attacker may be able to execute arbitrary commands on a webserver running Webstore.