The Easy Software Products lppasswd utility is prone to a locally exploitable denial-of-service vulnerability. The issue occurs when the program attempts to write a file to the system that will exceed any file size resource limits in place. An unprivileged user with CUPS credentials can set these resource limits and then invoke the application, which will create an empty '/usr/local/etc/cups/passwd.new' file. Subsequent invocations of lppasswd will fail if this file is present. Successful exploitation of this vulnerability will prevent users from changing their CUPS passwords with lppasswd.
html2hdml is prone to a buffer overflow vulnerability. This issue is exposed when converting HTML files to HDML (Handheld Device Markup Language). Since HTML files may originate from an external or untrusted source, this vulnerability is considered remote in nature. Successful exploitation may result in execution of arbitrary code in the context of the user running the application.
o3read is prone to a buffer overflow vulnerability. This issue occurs when the program parses HTML content during file format conversion. It is considered a remote vulnerability as files may originate from an external or untrusted source. Successful exploitation of this vulnerability can lead to code execution with the privileges of the user running the application.
LinPopUp is prone to a remote buffer overflow vulnerability. The application fails to perform proper boundary checks before copying user-supplied data into sensitive process buffers. An attacker can exploit this vulnerability by crafting a malicious message containing excessive string data, replacement memory addresses, and executable instructions, which can lead to unauthorized access to a computer.
The Convex 3D application is susceptible to a stack-based buffer overflow vulnerability. The application fails to check the bounds of user-supplied image data before copying it into a fixed-size memory buffer. Remote attackers can exploit this vulnerability to alter the flow of execution of the application, potentially leading to the execution of attacker-supplied machine code within the context of the application.
rtf2latex2e is susceptible to a stack buffer overflow vulnerability. This issue occurs when the application fails to properly bounds check user-supplied image data before copying it into a fixed-size memory buffer. Remote attackers can exploit this vulnerability to alter the flow of execution, potentially executing attacker-supplied machine code in the context of the application when reading a malicious RTF file.
NASM is prone to a buffer overflow. This condition is exposed when the application attempts to assemble a source file that contains malformed '%error' preprocessor directive arguments. Since the source file may originate from an external or untrusted source, this vulnerability is considered remote in nature. Successful exploitation will permit arbitrary code execution with the privileges of the user running the application.
QwikMail (qwik-smtpd) is prone to a remotely exploitable buffer overflow vulnerability due to insufficient bounds checking of client-supplied SMTP HELO request data. This issue could be exploited to execute arbitrary code and potentially allow a remote attacker to abuse the server as an unauthorized mail relay.
This is a proof of concept for an ARP overflow vulnerability. The exploit code is designed to run shellcode written by Cheez Whiz. It has been tested on x86 Solaris 7 and 8 beta. The default settings should work; if they do not, the offset can be adjusted by providing a command-line argument.
The SSH_BRUTE tool is a remote user-discovery tool that exploits a vulnerability in OpenSSH/PAM <= 3.6.1p1. It allows an attacker to test for the existence of valid user accounts on a target system by brute-forcing the authentication process. By sending multiple authentication requests with an illegal user and measuring the response time, the tool can determine if the user account exists. This can be used to gather information for further attacks or to identify potential targets for password-guessing attacks.