
Explore Vulnerabilities


Explore all Exploits:

Buffer Overflow in Solaris mailtool Program

The mailtool program included with OpenWindows in Solaris contains a buffer overflow vulnerability. This vulnerability may allow local users to execute arbitrary code or commands with the privileges of group 'mail'. The overflow occurs when a string exceeding approximately 1010 characters is given as the OPENWINHOME environment variable.

Vulnerability in Windows 2000 debug registers handling

A vulnerability exists in the handling of debug registers in Windows 2000. It is possible for unprivileged processes to create breakpoints for arbitrary processes. This can be used to 'kill' arbitrary processes without administrative privileges. Since it is possible for an unprivileged process to terminate arbitrary processes, depending on the programs involved, this vulnerability could be used to leverage other attacks, including a denial of service or elevating privileges by 'impersonating' a trusted named pipe.

Java 7 Applet Remote Code Execution

This module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. This flaw is also being exploited in the wild, and there is no patch from Oracle at this point. The exploit has been tested to work against IE, Chrome and Firefox across different platforms.

xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability

xt:Commerce suffers from a stored XSS vulnerability when parsing user input passed to the 'products_name_de' parameter via the POST method through the '/xtAdmin/adminHandler.php' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Arbitrary Command Execution in Carello Shopping Cart Software

A remote user can execute arbitrary commands on a host using Carello Shopping Cart software. By sending a specially crafted HTTP request, the inetinfo.exe process can consume all available system resources, causing it to refuse any new connections. If the HTTP request includes arbitrary code, it will be executed with the privileges of the web server.

3Com OfficeConnect 812 ADSL Router Denial of Service

A problem in the firmware of the 3Com OfficeConnect 812 DSL router allows a remote user to reboot the router by connecting to the HTTP daemon and requesting a long string. This can result in a denial of service, affecting the legitimate users of networks serviced by the router.

Recent Exploits: