Darxite 0.4 does not perform proper bounds checking on user-supplied data during the login process, relying on sprintf() to copy the data into a 256-character buffer. It is therefore possible for an attacker to supply arbitrary code for execution at the privilege level of the Darxite user.
The xlockmore program contains a format string vulnerability that can be exploited to execute arbitrary code with root privileges. By supplying format specifiers in the display value (-d option), an attacker can overwrite values on the stack and gain control of the program. This vulnerability affects all versions of xlock derived from xlockmore, including the versions shipped with various operating systems.
A vulnerability exists in the telnet daemon shipped with Irix versions 6.2 through 6.5.8, and in patched versions of the telnet daemon in Irix 5.2 through 6.1, from Silicon Graphics (SGI). The telnetd blindly uses data passed by the user in such a way that a remote attacker can execute arbitrary commands with the privileges of the daemon, which in the case of the telnet daemon are root privileges. Upon receiving an IAC SB TELOPT_ENVIRON request to set one of the _RLD environment variables, the telnet daemon logs the attempt via syslog(). The data normally logged is the environment variable name and the value of the environment variable. The call to syslog(), however, uses the supplied variables as part of the format string. By carefully constructing the contents of these variables, it is possible to overwrite values on the stack such that supplied code is executed as the root user. This vulnerability does not exist in unpatched versions of Irix 5.2 through 6.1. It was introduced in these versions via patches designed to address the vulnerability outlined in CERT advisory CA-95:14, which was addressed in the 1010 and 1020 series of patches. If these patches are not installed, the system is not vulnerable to this specific attack.
Mediahouse Statistics Server LiveStats is susceptible to a buffer overflow attack if a URL in a GET request contains over 2030 bytes. Depending on the data inserted into the request, the application will crash or can be forced to execute arbitrary code.
The Service Control Manager (SCM) in Windows 2000 uses predictable named pipe names for controlling services. Any user process can create a named pipe with the next name in the sequence and force a service that the user is permitted to start to connect to that pipe. Once connected, the user process can impersonate the service, which in most cases runs in the SYSTEM account. This vulnerability allows a local user to gain Administrator privileges.
The program dmplay in certain versions of IRIX is vulnerable to a buffer overflow attack. The issue arises from improper handling of the DISPLAY variable, allowing an attacker to supply a long string and overflow the buffer.
This vulnerability allows an attacker to execute malicious code on client-side browsers by exploiting the scripting capabilities of rogue websites. By uploading JSP or JHTML code to a vulnerable web server, an attacker can execute arbitrary code.
The vulnerability allows an attacker to inject SQL statements through the class_session.php file by supplying a spoofed IP address in the CLIENT-IP HTTP header.
This exploit takes advantage of a buffer overflow vulnerability in Mini-stream RM-MP3 Converter version 3.1.2.1.2010.03.30. By creating a specially crafted m3u file, an attacker can trigger a buffer overflow and potentially execute arbitrary code on the target system. This exploit bypasses both ASLR and DEP protections.
This exploit allows an attacker to execute arbitrary code on a vulnerable Symantec Web Gateway version 5.0.3.18. The exploit takes advantage of a vulnerability in the pbcontrol.php file, allowing the attacker to inject and execute their own code.