There is an unchecked buffer in the code that parses the GET requests, and a request of 537 bytes or longer will overwrite the EIP register. This overflow can allow arbitrary code to be run on the machine by a remote attacker. There are also many other unchecked buffers in the code, each of which could potentially be exploited in this manner.
The Mirabilis ICQ client is vulnerable to a remote buffer overflow. When the client parses a URL received from another user inside a message, it does not perform bounds checking on the length of the URL. This allows an attacker to overwrite the EIP (instruction pointer) and execute arbitrary code on the target host.
Allows running any file, bypassing the virtualization policy, and conducting phishing attacks.
This is an exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7. It allows an attacker to execute arbitrary code with the privileges of the vulnerable program. The code is based on the exploit by Warning3 and was modified by Solar Eclipse. It uses the format string vulnerability in the Solaris/SPARC operating system to overwrite the return address and execute shellcode.
The w3-msql CGI program, shipped with Mini-SQL, contains multiple buffer overflow vulnerabilities. One of these has been proven to be exploitable: the exploit overflows the stack inside a scanf() call using the Content-Length field. By exploiting this vulnerability, an attacker can execute arbitrary code remotely with the privileges of the web server (usually nobody).
Netscape Communicator 4.5 has an unchecked buffer, through which code can be injected for execution via the prefs.js preferences file. This could be exploited locally to run arbitrary code at the privilege level of the current user.
ZBServer Pro 1.5 has an unchecked buffer in the code that handles GET requests. This vulnerability allows the execution of arbitrary code.
This exploit crashes a RealMedia 5.0 server by sending a very long ramgen request. It sends a GET request with a payload of 4082+ bytes, causing the server to crash. Regular functionality can be restored by restarting the RealServer software.
IMail stores the passwords for email accounts using a weak encryption scheme. The scheme converts each letter of the account name and password to its ASCII value, applies offsets and differences, and looks up the resulting values in a table to obtain the encrypted password.
The i20dialogd daemon in the UnixWare operating system is vulnerable to a buffer overflow attack. Its authentication mechanism does not perform bounds checking on the username/password buffers, allowing an attacker to overflow the buffer and execute arbitrary code. The exploit code needs to be base64 encoded before being sent to the server.