It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user-supplied cookie data. An attacker may exploit this issue to execute arbitrary commands in the security context of the web server hosting the vulnerable IkonBoard.
This exploit creates a filename to exploit the bug in bftpd 1.0.12. It creates a file, issues a CWD into the shell directory, and issues an NLIST on the file directory. It uses a loop to add 0x20 to the string (stored as /bin/sh -= 0x20), yielding /bin/sh after the addition.
A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory. Successful exploitation of this issue could allow an attacker to execute arbitrary commands, with the privileges of the Samba process.
The EZ Server software is vulnerable to a buffer overflow attack when it receives strings of excessive length. This can be exploited by sending a string of A characters with a length of 1993 or 1994 to the ls or cd command respectively. This will cause the server to crash, denying service to legitimate users.
Monkey HTTP Daemon is prone to a boundary condition error. This condition occurs when the server attempts to handle excessive HTTP POST data. Exploitation could allow a remote attacker to corrupt sensitive regions of memory with attacker-supplied values, resulting in code execution. Exploitation attempts may also result in a denial of service.
Advanced Poll is vulnerable to an information disclosure vulnerability. A remote user can access privileged information by accessing the info.php files located in the poll_dir/db/ and poll_dir/textfile/ directories. This information can be used to further attack the host and its users.
Simple Chat! is a web-based chat application that does not restrict access to sensitive information by default. An attacker can exploit this vulnerability by accessing the usr.dat file located in the chat/data directory, which contains sensitive information such as usernames and passwords.
Samba is prone to a buffer-overflow vulnerability when the service tries to reassemble specially crafted SMB/CIFS packets. An attacker can exploit this vulnerability by creating a specially formatted SMB/CIFS packet and sending it to a vulnerable Samba server. The overflow condition will be triggered and will cause smbd to overwrite sensitive areas of memory with attacker-supplied values.
VPOPMail is vulnerable to command injection due to insufficient sanitization of user-supplied input. An attacker can manipulate URI parameters to include malicious system commands, which will be executed with the privileges of the web server process.
It has been reported that a stack overflow exists in the file program. It is likely that this issue could be exploited to execute code as the user invoking file. The exploit code does cp /bin/sh /tmp/.sh;chmod 4755 /tmp/.sh and also echoes the correct filename followed by ': data'. This exploit works without silly targets or offsets.