This exploit allows an attacker to add an admin user to the VamCart v0.9 software by submitting a form with hidden fields containing the necessary user information.
A buffer overflow vulnerability in the error reporting code of the lpsched program in DGUX UNIX allows a local user to execute arbitrary code with the euid of root. By placing a request to the lpsched program consisting of a long and non-existing host name, an attacker can trigger the buffer overflow and gain root privileges.
A successfully logged-in user, via IMAP, could cause MDaemon to terminate the connection. If the user submits either a 'SELECT' or 'EXAMINE' command appended with 250 or more characters, MDaemon will refuse any new connections to the IMAP service. A restart of the service is required in order to gain normal functionality.
A vulnerability exists in Services for Unix 2.0 that allows a remote user to execute arbitrary commands on a target machine by crafting a URL with command line parameters to the telnet client. The telnet client initiates the logging of session information, allowing an attacker to write and execute arbitrary commands.
The Nullsoft Tracker 2 Module Player is vulnerable to a buffer overflow. An attacker can craft a specially crafted module file that, when opened by the player, triggers the buffer overflow and allows for remote code execution.
SnmpXdmid in Solaris versions 2.6, 7, and 8 is vulnerable to a remotely exploitable buffer overflow vulnerability. The overflow occurs when snmpXdmid attempts to translate a 'malicious' DMI request into an SNMP trap. An attacker can gain superuser access by successfully exploiting this vulnerability.
At least one version of LICQ is vulnerable to a remote buffer overflow. By sending many characters (12000-16000) to the port on which LICQ is listening, an attacker can cause excessive data to be copied onto the stack and overwrite critical parts of the stack frame such as the calling functions' return address. Since this data is supplied by the user it can alter the program's flow of execution.
Versions of CTRLServer are vulnerable to malicious user-supplied input. A failure to properly bounds-check data passed to the cfgfileget() command leads to an overflow, which, properly exploited, can result in remote execution of malicious code with root privilege.
Versions of SCO Unix calserver are vulnerable to a buffer overflow attack which can permit root access to a remote attacker. The vulnerability is due to a lack of proper input validation in the calserver executable. By sending a specially crafted message to the calserver, an attacker can overwrite the stack and execute arbitrary code with root privileges.
A remote user can gain read access to directories outside the root directory of an AOLserver by requesting a specially crafted URL composed of '.../' sequences. This will disclose an arbitrary directory.
Services By CQR