AnalogX SimpleServer:WWW contains a flaw that allows a remote attacker to execute arbitrary code on the server. The issue is due to the web server not properly sanitizing GET requests. If an attacker sends a sepcially crafted GET request longer than 1000 bytes, they can overflow a buffer to execute arbitrary code.
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user appends a semicolon and arbitrary command to the end of a filename when saving a file in soundplayer. This flaw may lead to a loss of integrity.
AltaVista Intranet Search CGI contains a flaw that allows a remote attacker to read arbitrary files outside of the web path. The issue is due to the "query" not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "mss" variable.
Open Transport in Mac OS 9 contains a flaw that may allow a remote denial of service. The issue is triggered when sending a malformed 29 byte long UDP packet, which will cause the machine to respond with an 1,500 byte long ICMP packet. It is possible for a remote attacker to use this behavior as an amplifier against other targets.
(Description Provided by CVE) : IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
By default, glFTPd installs with a default password. The 'gltftpd' account has a password of 'gltftpd' which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
One "feature" of Virus scanning software permits attackers to hide malicious code in the "RECYCLED" directory. On vulnerable platforms, this means that users will not be notified of the presence of malware which is placed in this directory, in the event that their machine is compromised. However, this could allow infected machines to continue to be used for malicious purposes that should otherwise be noticed and stopped.
The i2odialog daemon in UnixWare contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to improper bounds checking of the i2odialog daemon, resulting in an buffer overflow. When sending a long username/password authorization string with 88 or more characters, a remote attacker could gain root access, resulting in a loss of integrity.
(Description Provided by CVE) : Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
Sun Microsystems Solaris dmispd contains a flaw that may allow a local denial of service. The issue is triggered when dmi_cmd is used to add a file which has more than 1024 characters in the first line to the DMI database, and will result in loss of availability for the DMI service.
A remote overflow exists in Microsoft IIS. The server fails to handle overly long URLs which contain hundreds of forward slashes, resulting in an access violation. With a specially crafted request, an attacker can cause the server to crash, resulting in a loss of availability.
A remote overflow may exists in Linuxconf. The issue is due to the handling of HTTP headers resulting in a buffer overflow. When the Web administration mode is enabled, a remote attacker could send an overly long parameter to the USER_AGENT field, which may allow arbitrary code execution reulting in a loss of integrity.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.