A vulnerability has been discovered in the Linux /bin/mail utility. The problem occurs when processing excessive data within the carbon copy field. Due to insufficient bounds checking while parsing this information it may be possible to trigger a buffer overrun. An attacker could exploit this issue to execute arbitrary commands.
A vulnerability has been discovered in the 'philboard_admin.asp' script used by Philboard. The problem occurs during authentication and may allow an attacker to gain unauthorized administrative access. The issue presents itself when handling cookie-based authentication credentials. By gaining administrative access an attacker may be capable of carrying out a variety of attacks. It should be noted that although this vulnerability has been reported to affect philboard version 1.14 previous versions might also be affected. Use telnet and open target on port 80 GET /board/philboard_admin.asp HTTP/1.0 Host: example.com Cookie: philboard_admin=True; Download the database (users and password): Usually, the database location can be found and download it from: http://www.target.com/database/philboard.mdb or http://www.target.com/forum/database/philboard.mdb
Batalla Naval is prone to a remotely exploitable buffer overflow when handling requests of excessive length. This could allow for execution of malicious instructions in the context of the game server.
A buffer overflow vulnerability has been reported for the MediaMail binary that may result in a user obtaining elevated privileges. An attacker, using a custom crafted string, could overwrite stack memory, including the return address of a function, and potentially execute arbitrary code with group 'mail' privileges.
The cupsd has been reported prone to a denial of service vulnerability. Reportedly the cupsd does not adequately apply a time-out process for malicious HTTP requests and service is denied to subsequent cupsd requests. This issue may be exploited by remote attackers to deny cupsd service to valid users.
This exploit is for LPRng 3.6.22/23/24 on x86 Linux. It uses a buffer overflow to execute arbitrary code. The exploit is written in C and uses a NOP sled to make it easier to hit the shellcode.
A buffer overflow vulnerability has been reported for CMailServer. The vulnerability exists due to insufficient bounds checking when parsing e-mail headers. Specifically, an overly long RCPT TO e-mail header will cause CMailServer to crash and corrupt sensitive memory.
A buffer overflow has been discovered in the setuid root program gds_inet_server, packaged with Firebird. This problem could allow a local user to execute the program with strings of arbitrary length. By using a custom crafted string, the attacker could overwrite stack memory, including the return address of a function, and potentially execute arbitrary code as root.
It has been reported that youbin is vulnerable to a locally exploitable buffer overflow. The problem is said to occur while processing environment variables. Specifically, an internal memory buffer may be overrun while handling a HOME environment variable containing excessive data. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the youbin process, typically root.
It has been reported that TW-WebServer is prone to a denial of service vulnerability. Reportedly when an excessive quantity of data is sent to the TW-Webserver as part of a malicious HTTP GET request the server will fail. Although unconfirmed, due to the nature of this vulnerability, an attacker may have the ability to supply and execute arbitrary code.
Services By CQR