A buffer overflow condition exists in URL handling: sending a long GET request causes the server process to exit and may allow malicious code injection. Further research found that the application does not care about the HTTP method, so sending a long string of characters will make the program crash.
Total Video Player does not handle input correctly and hangs when trying to open malformed .m3u files. .mp3 and .avi files are affected too.
The netstd package in Debian GNU/Linux is vulnerable to two buffer overflow attacks. The first vulnerability is present in the bootp server, while the second vulnerability exists in the FTP client. The bootp server vulnerability can allow a remote attacker to fully compromise a vulnerable host by exploiting improper bounds checking in the handling of boot file/location specified in a bootp request packet and in the error logging facility. The FTP client vulnerability can be exploited by a local attacker to potentially elevate privileges.
The autofs kernel module does not check the size of the directory names it receives. It is passed the name and the name's length through dentry->d_name.name and dentry->d_name.len respectively. Later on, it memcpy()'s the name into a 256-byte buffer, using dentry->d_name.len as the number of bytes to copy, without checking its size. A nonprivileged user may attempt to cd to a directory name exceeding 255 characters. This overwrites memory, probably the kernel stack and anything beyond it, and causes kernel errors or makes the machine reboot.
Microsoft IIS is reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server-side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine.
The man command creates a temporary file under /tmp with a predictable name and is willing to follow symbolic links. This allows malicious local users to create arbitrarily named files by creating symbolic links to desired files.
The IBM Remote Control Software package allows a local user with a user-level account to execute code with administrator privileges. This vulnerability can be exploited by launching arbitrary code from the Process Manager interface, such as usrmgr.exe, musrmgr.exe, and regedt32.exe. The user can use these programs to grant administrator privileges to any account on the host or domain.
A buffer overflow vulnerability in pop2d version 4.4 or earlier allows malicious remote users to obtain access to the "nobody" user account. Once logged on, issuing a FOLD command with an argument of about 1000 bytes will cause a stack-based buffer overflow.
This exploit allows an attacker to retrieve the admin credentials of a Joomla website through a blind SQL injection vulnerability in the 'Weblinks' component. The exploit is a disclosure exploit and is a modified version of a previous exploit for Mambo. It includes an always true statement to avoid flooding the admin with email notifications about submissions. The exploit works even though the submissions do not succeed.
The Serv-U FTP server versions 2.5 and earlier are vulnerable to multiple buffer overflows. This can result in a denial of service and at worst in arbitrary code being executed on the system. The vulnerabilities are in the CWD and LS FTP commands when they are passed, as an argument, a string longer than 155 characters.