By using a workaround in Word or Excel, a user can bypass the application restrictions set by the Zero Administration Kit (ZAK). The user can open the File:Open window, right-click on the background, select 'Browse', and open Windows Explorer. From there, the user can create a special directory in the temp folder and copy the executables of forbidden applications into it. These applications can then be executed, circumventing ZAK's policies.
The Smurf denial of service exploits the existence and forwarding of packets sent to IP broadcast addresses. The attacker creates an ICMP echo request packet with the source address set to an IP within the network to be attacked and the destination address set to the IP broadcast address of a network which will forward and respond to ICMP echo packets sent to broadcast. Each packet sent into the network being used to conduct the attack will be answered by every machine that responds to ICMP on the broadcast address. Therefore, a single packet can result in an overwhelming number of responses, all of which are directed to the network the attacker has forged as the source. This can result in significant bandwidth loss.
The Wwwcount CGI program is vulnerable to a buffer overflow in the QUERY_STRING environment variable. This allows remote attackers to execute arbitrary commands with the privileges of the Wwwcount program.
The Teardrop denial of service attack exploits a flaw inherent to multiple vendor TCP/IP stacks. This attack can be delivered by sending 2 or more specially fragmented IP datagrams, causing the TCP/IP stack to allocate unusually large resources to reassembling the packets. This can lead to system freezing or rebooting due to insufficient memory.
An implementation fault in the ToolTalk object database server allows a remote attacker to run arbitrary code as the superuser on hosts supporting the ToolTalk service. The affected program runs on many popular UNIX operating systems supporting CDE and some Open Windows installs. The ToolTalk service allows independently developed applications to communicate with each other by exchanging ToolTalk messages. Using ToolTalk, applications can create open protocols which allow different programs to be interchanged, and new programs to be plugged into the system with minimal reconfiguration. The ToolTalk database server (rpc.ttdbserverd) is an ONC RPC service which manages objects needed for the operation of the ToolTalk service. ToolTalk-enabled processes communicate with each other using RPC calls to this program, which runs on each ToolTalk-enabled host. This program is a standard component of the ToolTalk system, which ships as a standard component of many commercial Unix operating systems. The ToolTalk database server runs as root. Due to an implementation fault in rpc.ttdbserverd, it is possible for a malicious remote client to formulate an RPC message that will cause the server to overflow an automatic variable on the stack. By overwriting activation records stored on the stack, it is possible to force a transfer of control into arbitrary instructions provided by the attacker in the RPC message, and thus gain total control of the server process.
An implementation fault in the ToolTalk object database server allows a remote attacker to run arbitrary code as the superuser on hosts supporting the ToolTalk service. By overwriting activation records stored on the stack, it is possible to force a transfer of control into arbitrary instructions provided by the attacker in the RPC message, and thus gain total control of the server process.
The vulnerability is a buffer overflow in the mount daemon's logging code, which is supposed to log unauthorized mount attempts. This allows remote attackers to execute arbitrary code or cause a denial of service.
The vulnerability allows an attacker to display and delete arbitrary files on the system by exploiting a URL parameter in ColdFusion. The attacker can also upload and execute ColdFusion files without them being deleted.
The MetaWeb server bundled with MetaInfo products does not restrict access to the root directory, allowing an attacker to retrieve known files by using the /../ notation to escape to higher levels of the file structure. This vulnerability can be exploited through the web UIs of products like MetaIP and Sendmail, and can be used to retrieve sensitive files such as password files.
It is possible to run arbitrary code on any Intel machine running Cheyenne Inoculan version 4.0 for Windows NT prior to SP2. Inoculan runs as a service, called "Cheyenne InocuLAN Anti-Virus Server". When it starts, it replaces any shared directory with the same name and shares "CHEYUPD$" with full control for the Everyone group. When the service starts, it does an update check in this directory (usually "C:\Inoculan\Update") using the files "\\<NtBox>\CHEYUPD$\English\NtIntel\Ready\filelist.txt" and [idem]...\avh32dll.dll. Simply "touching" or modifying the file "filelist.txt" so that it appears newer than it really is causes the update. The update causes the service to stop