An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory. Successful exploitation of this issue would allow an attacker to execute arbitrary commands with the privileges of the Half-Life server.
A denial of service vulnerability has been reported for iCal. The vulnerability occurs when iCal receives a specially formatted HTTP request. This will cause iCal to crash thereby leading to a denial of service.
This exploit is for SuSE 7.0 - x86. It is a local buffer overflow exploit which uses a sgid 'video' (33) by default. It uses NOP instructions to fill the buffer and then executes the shellcode to gain access to the system. The exploit is written in C language.
APBoard is vulnerable to an unauthorized access vulnerability due to the 'useraction.php' script failing to properly check user credentials. This allows an attacker to access private threads by manipulating the 'threadid' parameter in the URL.
A vulnerability has been reported in the web administration interface of the RaQ4. It is possible for a remote attacker to execute commands. By passing malicious email parameter to the vulnerable CGI script, commands are carried out in the security context of the administration server.
A format string vulnerability has been discovered in Exim. The problem occurs in the daemon_go() function. By supplying malicious format strings via the command line, it is possible for an attacker to execute arbitrary code with root privileges.
Lib CGI is a freely available, open source CGI library for C programmers. It has been reported that a buffer overflow exists in the Lib CGI development library due to improper bounds checking in an include file. This could result in an attacker gaining remote access with the privileges of the web server process.
By passing a small content length value to the server and triggering the server to make a second recv() of POST data, it is possible to overrun a buffer. An attacker may exploit this condition to overwrite arbitrary words in memory through the free() function. This may allow for the execution of arbitrary code.
A remotely exploitable buffer overrun condition has been reported in the XFS font server, fs.auto used by multiple vendors. This vulnerability may be exploited by remote attackers to execute commands on the target host with privileges of user nobody.
vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running vBulletin. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.
Services By CQR