Cerberus FTP Server is vulnerable to a Denial of Service attack. An attacker can send a specially crafted packet to the server, causing it to crash. This exploit does not require authentication.
A buffer overflow vulnerability exists in BulletProof FTP Client v. 2.63 build 56 and possibly older versions. The vulnerability is caused due to a boundary error when handling Session-File (.bps) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .bps file. Successful exploitation may allow execution of arbitrary code.
An attacker can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.blend' file. The following proof of concept demonstrates this issue: Open the 'Text Editor' Panel, right click on the canvas and select 'New', write python code, input a name for the script, open the 'Buttons Window' panel, from the 'panel' dropdown choose 'Script', check that 'enable script links' is active, click on 'new', select the script, choose 'OnLoad' from the event dropdown list, and save the project.
Attackers can use readily available tools to exploit this issue. The example POST data is available which includes a malicious XML payload that can be used to read the /etc/passwd file.
Cookie Injection is a type of vulnerability that occurs when an attacker injects malicious code into a legitimate web browser cookie. This malicious code can be used to gain access to a user's account or to gain access to sensitive information. The attacker can also use the malicious code to modify the contents of the cookie, which can be used to bypass authentication or authorization checks. The attacker can also use the malicious code to redirect the user to a malicious website.
The Apache 'mod_perl' module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
AlleyCode HTML Editor is vulnerable to a buffer overflow vulnerability when a specially crafted HTML file is opened and the Optimizer tool is used. This can lead to arbitrary code execution. The vulnerability is caused by the lack of proper validation of user-supplied input when processing the HTML file.
Xpdf is prone to an integer overflow vulnerability which allows local and remote attackers to overflow buffer on heap. This vulnerability can also lead to a NULL pointer dereference attack. The vulnerability exists in the gmalloc() function in the gmem.cc file, which is called by the drawImage() function in the Splash.cc file. If a negative value is passed to the gmalloc() function, Xpdf will exit and print an error message. If a 0 (zero) value is passed, the function will return NULL. Otherwise, a normal call to malloc() will be made.
xp-AntiSpy is vulnerable to a local buffer overflow vulnerability. The program does not check the imported data in any way. If an attacker imports a malicious profile and selects it, the program will crash. This can lead to a register being controlled, allowing for potential code execution.
Xion Audio Player is vulnerable to a buffer overflow when a specially crafted .m3u file is opened. This can be exploited to cause a stack-based buffer overflow by corrupting the memory of the application. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
Services By CQR