Explore Vulnerabilities

Explore all Exploits:

Buffer Overflow in Winamp Media Player

Winamp versions prior to 2.7x are vulnerable to a buffer overflow when processing Audiosoft parameter files (*.AIP). An attacker can insert a large sequence of characters into an *.AIP file, causing a stack overflow. This allows the attacker to overwrite critical parts of the stack frame and potentially execute arbitrary code on a vulnerable system.

Firefox <= 1.5.0.4 Javascript navigator Object Code Execution PoC

This vulnerability allows an attacker to execute arbitrary code on the target system using the navigator object in JavaScript. The exploit was tested on Firefox 1.5.0.4 on Windows 2000 SP4, Windows XP SP4, and Gentoo Linux. The bug was reported by TippingPoint and fixed in the latest release (1.5.0.5) of Mozilla Firefox. The exploit attempts to launch 'calc.exe' on Windows systems and 'touch /tmp/METASPLOIT' on Linux systems.

eiQnetworks Security Analyzer Exploit

This exploit targets the Security Analyzer software developed by eiQnetworks. It allows an attacker to execute arbitrary code on the target system. The exploit takes advantage of a buffer overflow vulnerability in the software.

Kodak Color Management System ‘kcms_configure’ Buffer Overflow Vulnerability

The Kodak Color Management System configuration tool 'kcms_configure' is vulnerable to a buffer overflow that could yield root privileges to an attacker. The bug exists in the KCMS_PROFILES environment variable parser in a shared library 'kcsSUNWIOsolf.so' used by kcms_configure. If an overly long KCMS_PROFILES variable is set and kcms_configure is subsequently run, kcms_configure will overflow. Because the kcms_configure binary is setuid root, the overflow allows an attacker to execute arbitrary code as root.

op5 Monitoring SQL Injection, Cross Site Request Forgery, and Stored XSS Vulnerabilities

Several vulnerabilities are present in the op5 Monitoring software, including SQL Injection, Cross Site Request Forgery, and Stored XSS. These vulnerabilities can be triggered with different levels of authentication and can result in various consequences, ranging from interesting to annoying. One particularly interesting vulnerability allows the admin or default monitor user to run shell commands from the web interface, potentially leading to a shell if certain conditions are met. The vulnerabilities require post-authentication access to the web application, meaning that even a low-privilege user can initiate the attack. By leveraging the XSS and CSRF vulnerabilities, an attacker could trick higher privileged users into setting up a Bind-Shell.

Interscan Viruswall Remote Command Execution Vulnerability

The Interscan Viruswall software package contains a vulnerability that allows a remote attacker to execute arbitrary commands with root privileges on the system. The vulnerability is due to buffer overflows in the cgi programs used by the management interface of Interscan Viruswall. By exploiting these buffer overflows, an attacker can execute arbitrary commands by sending a specially crafted request to the vulnerable system.

Format String Bug in cfingerd Logging Facility

A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of users of the service. If an attacker sets up a remote machine that returns specific format strings instead of a valid username, and connects to cfingerd from that machine, he can exploit the format string bugs. Because cfingerd runs as root, this means the attacker gains full control of the cfingerd host.

Arbitrary File Creation in PGP ASCII Armor Decoder

A flaw in the implementation of the PGP ASCII Armor decoder allows an attacker to create an arbitrary file on a user's system. This can be exploited by decoding a specially crafted .sig file that contains malicious instructions to create the desired file. The attacker can choose the location and content of the file.

Recent Exploits: