Explore Vulnerabilities

Explore all Exploits:

iCat Electronic Commerce Suite File Retrieval Vulnerability

The Carbo Server component of the iCat Electronic Commerce Suite does not properly validate HTTP requests for files and will grant access to any object residing on the system. A remote user can exploit this vulnerability to retrieve known files on a target system by sending a specially crafted HTTP request.

Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability

The vulnerability exists in software versions 6.1(1), 6.1(1a), and 6.1(1b) for Catalyst 4000, 5000, and 6000 devices that support SSH and 3DES encryption. If a connection is made to the SSH service on a vulnerable Catalyst device and the protocol mismatch error occurs, the device will be reset.

Arbitrary Code Execution in Oops Proxy Server

A problem exists in the Oops proxy server package which could allow for the arbitrary execution of code. Multiple buffer overflows exist, including one that can be triggered by sending a request with numerous quotation marks that are later translated to the HTML entity '&quot;', allowing for stack overflow and potential code execution. Another buffer overflow can be triggered by forcing the proxy to attempt to resolve a long host/domain name, allowing for stack-based overflow and potential arbitrary code execution.

BitchX IRC Client DNS Resolution Code Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in the DNS resolution code of BitchX IRC client. This vulnerability allows a malicious user to generate a malformed DNS packet and overwrite stack variables, potentially leading to remote code execution with the privileges of the BitchX client. The attacker must have control over their own DNS to exploit this vulnerability.

Buffer Overflow Vulnerability in Microsoft SQL Server and Data Engine

The API Srv_paraminfo() in Microsoft SQL Server and Data Engine is vulnerable to a buffer overflow. Attackers can pass an overly long string to the XP xp_peekqueue, causing a buffer overflow and potentially crashing the SQL Server or executing arbitrary code on the target system. The attacker would need to overwrite the return address of the calling function with the address of supplied shellcode in memory. This vulnerability requires successful login to the SQL server.

Buffer Overflow in Microsoft SQL Server API Srv_paraminfo()

The API Srv_paraminfo(), which is implemented by Extended Stored Procedures (XPs) in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed on the target system depending on the data entered into the buffer.

Vulnerability in freeware guestbook package

The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter 'template' to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin. A request for http://server/cgi-bin/wguest.exe?template=c:boot.ini will return the remote Web server's boot.ini.

Network Associates WebShield SMTP Outgoing Email Crash Vulnerability

Sending an outgoing email containing six "%20" followed by any character within the recipient field crashes the WebShield SMTP application, resulting in an access violation error. It is unverified whether arbitrary code execution is possible.

Ethereal AFS ACL Buffer Overflow Exploit

This exploit allows a remote user to execute code in the Ethereal package. The problem exists in the AFS packet parsing routine, where a string-scanning routine reads the contents of a packet into a buffer without checking the size of the string. This can lead to overwriting other values on the stack, including the return address, and allows a malicious user to execute code with a custom-crafted packet.
