Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, allows attackers to create or overwrite arbitrary files on the system. The problem exists because environment variables are used to create log files. Even when the program is setuid, users can specify a log file that will be created with elevated privileges (CVE-2006-4842).
This exploit targets a local kernel DoS vulnerability in FreeBSD 6.1. The vulnerability is triggered by an ioctl call to the /dev/crypto device with a malformed parameter, which crashes the kernel and results in a denial of service.
A vulnerability exists in the Cisco VPN Concentrator 3000: an unauthenticated user may access the file system through manipulation of FTP service commands. An unauthenticated user can use the following commands: CWD, MKD, CDUP, RNFR, SIZE, RMD. The FTP service remembers the current working directory, so directory changes can affect exploitation. By removing potentially sensitive directories such as 'CERTS' it may be possible to disrupt service to a VPN.
A vulnerability exists in the smartgate SSL server (listens on port 443 by default) which may allow a malicious user to download arbitrary files with the privileges of the smartgate server. By analyzing the returned HTTP header response, an attacker can also test for the existence of a remote directory. Remote directories return a "Moved Permanently" response, as opposed to a 404.
HP-UX libc contains an exploitable stack overflow in the handling of the 'TZ' environment variable. The problem occurs due to insufficient bounds checking in the localtime_r() and related functions. Any suid or sgid program which uses the timezone functions can be used as an attack vector. This exploit uses 'su' to obtain root privileges.
HP-UX 'swmodify' contains an exploitable stack overflow in the handling of command line arguments. Specifically, the problem occurs due to insufficient bounds checking in the '-S' optional argument. 'swmodify' is installed setuid root by default in HP-UX and allows for local root compromise when exploiting this issue.
HP-UX 'swpackage' contains an exploitable stack overflow in the handling of command line arguments. Specifically, the problem occurs due to insufficient bounds checking in the '-S' optional argument. 'swpackage' is installed setuid root by default in HP-UX and allows for local root compromise when exploiting this issue.
CMS Faethon 2.0 Ultimate is vulnerable to a remote/local file include vulnerability. Successful exploitation requires register_globals = on and magic_quotes_gpc = on.
Ascended Guestbook version 1.0.0 is vulnerable to a remote file include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute arbitrary code on the vulnerable server.
A remote file include vulnerability exists in InteliEditor, due to insufficient sanitization of user-supplied input to the 'sys_path' parameter in 'lib.editor.inc.php'. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.