The Smartmax MailMax email server for Windows 95/98/NT is vulnerable to buffer overflow attacks against the SMTP-command processing function. This vulnerability can be exploited to execute arbitrary commands with the privileges of the SMTP process.
Specially crafted e-mail headers are incorrectly processed in Majordomo versions prior to 1.91, allowing the execution of arbitrary commands with the privileges of Majordomo. This can be done by including malicious code in the 'Reply-to' field of an email.
Microsoft Windows NT 4.0 is subject to a denial of service due to the implementation of incorrect permissions in a Mutex object. A local user could gain control of the Mutex on a networked machine and deny all network communication.
An attacker can remotely access certain scripts in the /scripts/iisadmin directory of Microsoft Internet Information Server (IIS) 3.0, which can lead to the disclosure of sensitive information about the server's directory structure.
Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the print_client() function of utility.c. A malicious user can cause the *printf function to overwrite memory at possibly arbitrary addresses.
By supplying an excessively long string as an argument for a SELECT statement, it is possible for a local attacker to overflow mysql's query string buffer. As a result of this overflow, excessive data copied onto the stack can overwrite critical parts of the stack frame such as the calling function's return address. Since this data is supplied by the user, it can be made to alter the program's flow of execution.
Linux kernel versions 2.1.89 to 2.2.3 are vulnerable to a denial of service attack caused when a 0-length IP fragment is received, if it is the first fragment in the list. Several thousand 0-length packets must be sent in order for this to initiate a denial of service against the target.
The SNMP service provided with NT Server 4.0 and NT Server 4.0 Terminal Server Edition allows a remote user to delete WINS records, initiating a denial of service against the network. The attacker must know the SNMP community name and be able to access the SNMP service. Regular access control functions are bypassed by the SNMP function, and SNMP community names are often left at their default values (e.g., 'public').
This module exploits a stack-based buffer overflow vulnerability in version 2.1 of CuteZIP. In order for the command to be executed, an attacker must convince the target user to open a specially crafted zip file with CuteZIP. By doing so, an attacker can execute arbitrary code as the target user.
The 'main.cgi' script in Technote Inc. Multi-Communication Package allows remote attackers to read arbitrary files and execute arbitrary commands via a ../ (dot dot slash) in the filename parameter.