This exploit allows a remote attacker to execute arbitrary code on a vulnerable system via a specially crafted HTTP request to the HP OpenView Network Node Manager. The vulnerability is due to insufficient validation of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system with the privileges of the web server process.
Adobe Version Cue's VCNative program writes data to a log file in the current working directory while running as (setuid) root. The log file is named <cwd>/VCNative-<pid>.log, which is easily predictable. An attacker can link this file to any file on the system and overwrite its contents. The exploit works by overwriting /etc/crontab with '* * * * * root echo "ALL ALL=(ALL) ALL">/etc/sudoers' and log garbage. Within a short period of time crontab will overwrite /etc/sudoers, and "sudo sh" to root is possible.
This exploit allows an attacker to create multiple users on GTChat .95. The attacker needs to provide the host, path to the chat directory, and the number of users to create. The script then creates the users with random usernames and passwords, and random emails. It does not verify whether or not the user is actually being created.
This exploit changes the admin's password for login with a power user.
Exploit code for the bug posted by Ulf Harnhammar (metaurtelia.com), which is a buffer overflow vulnerability in the Expires field in the elm email client < 2.5.8. The exploit code adds an exploit buffer to the email and sends it using the elm command. The exploit buffer contains the address of the system() function, the address of the string to be executed and the address of the exit() function.
This module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simply to delete system files. Tested on Solaris 2.6, 7, 8, 9, and 10.
BusinessMail email server system 4.60.00 is vulnerable to a Denial of Service (DoS) attack. The vulnerability is caused by an unspecified error when handling overly long strings sent to the SMTP port (25). This can be exploited to crash the server by sending a specially crafted HELO or MAIL FROM command with an overly long string.
GTChat <= 0.95 Alpha is vulnerable to a remote Denial of Service (DoS) attack. The vulnerability is due to insufficient input validation of the 'language' parameter in the 'chat.pl' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'language' parameter to the vulnerable server. This will cause the server to crash, resulting in a DoS condition.
The Operator Shell (Osh) is a setuid root, security enhanced, restricted shell. It allows the administrator to carefully limit the access of special commands and files to the users whose duties require their use, while at the same time automatically maintaining audit records. The configuration file for Osh contains an administrator defined access profile for each authorized user or group. The problem is that the length of the current working directory plus the length of the file name can be longer than 255 bytes, which causes a buffer overflow in temp3[]. The size limit of the current directory is MAXPATHLEN, which is defined as 1024 on modern Linux systems. The limit for the file name is MAXFNAME, defined as 32 in struct.h:116. This code is in the writable() function, which is called by the handlers for the built-in cp, vi, rm and test commands, as well as the redirect function.
Grandstream BT101/BT102 is vulnerable to a Denial of Service attack. An attacker can send a crafted UDP packet with a length of 65534 bytes to port 5060 of the vulnerable device to reboot it, or send a crafted UDP packet with a length of 65535 bytes to port 5060 of the vulnerable device to shut it down.