Explore Vulnerabilities

Explore all Exploits:

MyWebServer Remote Buffer Overflow Vulnerability

MyWebServer is an application and web server for Microsoft Windows operating systems. It includes a number of web-based functions, including a search engine. MyWebServer suffers from a remote buffer overflow vulnerability: submitting a parameter longer than 990 characters to the included search engine triggers the overflow. Reportedly, this makes it possible to execute arbitrary code as the MyWebServer process. Crashing the process may also result in a denial of service condition.

root exploit: multiple subsystem errors allowing root exploit

This exploit takes advantage of multiple subsystem errors to gain root access. It relies on /etc/rc.d/ and scripts that trust untrusted input, and on /bin/sh creating a mode 666 file with an easily predictable name in which the PID is the only varying component. The exploit can be used to gain root access until the next run of cron.weekly. It involves creating a trojan in /usr/sbin/uuconv, which follows symlinks as euid=uucp (uid, gid, egid = you). The exploit then creates a file in the user's home directory containing a script that copies /bin/sh to a predictable location and sets its permissions to 4755.

Dispair Command Injection Vulnerability

Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open() function. This allows an attacker to inject arbitrary commands into the vulnerable application, which are then executed on the underlying system with the privileges of the webserver process. An example of this is demonstrated in the URL provided, which executes the 'id' command on the underlying system.

ZyXEL 642R and Prestige 310 Routers Malformed IP Packet Denial of Service Vulnerability

ZyXEL 642R and Prestige 310 routers do not properly handle malformed IP packets. Reportedly, when one of these routers receives a single specially malformed packet, it stops responding for exactly 30 seconds.

SecureCRT Client SSH1 Protocol Identifier String Buffer Overflow Vulnerability

SecureCRT client is prone to a buffer-overflow condition when attempting to handle an overly long SSH1 protocol identifier string. Reportedly, an attacker can exploit this issue via a malicious server. Exploiting this issue may allow an attacker to execute arbitrary code or may cause the client to crash.

Microsoft Exchange 5.5 and IIS SMTP Service Encapsulated SMTP Address Vulnerability

Microsoft Exchange 5.5 and the SMTP (Simple Mail Transfer Protocol) service included with IIS (Internet Information Services) 4.0 and 5.0 are affected by an encapsulated SMTP address vulnerability. It allows an attacker to bypass the SMTP server's security checks and send email to arbitrary recipients, even if the server is configured to allow relaying only for certain domains. This can be exploited by sending an email with an encapsulated address, such as IMCEASMTP-test+40test+2Ecom@victim.co.uk, which will be accepted by the SMTP server.

BadBlue Denial of Service Vulnerability

BadBlue is reportedly prone to a denial of service condition when handling malformed GET requests. It has been discovered that BadBlue does not properly handle requests that do not adhere to RFC standards. When a user connects to BadBlue via the listening port, and issues a 'GET HTTP/1.0' request without specifying a document, BadBlue becomes unstable. In most cases, the process will crash.

dislocate.c – Local i386 exploit in v1.3 < Secure Locate < v2.3

dislocate.c is a local i386 exploit for Secure Locate versions in the range v1.3 < Secure Locate < v2.3. It exploits a vulnerability in the realloc() and malloc() functions of the Secure Locate program, allowing an attacker to execute arbitrary code with the privileges of the user running the program.
