Explore Vulnerabilities

Explore all Exploits:

CVS Multiple Vulnerabilities

The vulnerabilities include a double free vulnerability, format string vulnerabilities, and integer overflows. There is also a null termination issue in the security patch for BID 10384, potentially leading to a server crash. Some of these issues may be leveraged to execute arbitrary code, while other issues may only result in a denial of service.

OpenBSD isakmpd Remote Denial of Service Vulnerability

An attacker can delete security associations and policies from IPSec VPNs by sending a malformed UDP ISAKMP packet to a vulnerable server. The malformed packet contains payloads for both setting up a new tunnel and deleting a tunnel. Isakmpd improperly acts upon the delete payload and terminates the associations and policies relating to the tunnel. This can result in the destruction of security associations, effectively eliminating the VPN connection between gateways and denying service to legitimate users of the VPN.

Multiple Remote Denial of Service Vulnerabilities in ToCA Race Driver

ToCA Race Driver is affected by multiple remote denial of service vulnerabilities. These vulnerabilities occur due to a failure of the application to handle exceptional network traffic. An attacker can exploit these vulnerabilities to crash or hang the application, resulting in a denial of service for legitimate users.

SurgeMail/WebMail Multiple Vulnerabilities

SurgeMail/WebMail is prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks.

PHP Shell Escape Functions Command Execution Vulnerability

PHP is prone to a command execution vulnerability in its shell escape functions due to a failure to properly sanitize function arguments. This vulnerability allows an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server, potentially leading to unauthorized access.

FoolProof Password Recovery Vulnerability

An unprivileged user can recover the administrative password for the FoolProof application by manipulating the password recovery algorithm. This allows the attacker to gain unauthorized administrative access to the application.

Flaw handling server responses in Colin McRae Rally 2004

Colin McRae Rally 2004 has a flaw in handling server responses when entering the multiplayer menu. An attacker can mimic a server and send an invalid response to crash the client game, denying service to legitimate users.

Recent Exploits: