This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Netmechanica NetDecision HTTP Server. A buffer overflow in NetDecision's HTTP service is exploited when a long URL is managed by the HTTP Server's active window. For successfull exploitation, the victim need to have the HttpSvr's window open. Authentication is not required to exploit this vulnerability.
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer", possibly a buffer overflow.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing NaviCOPA. The vulnerability is caused due to a boundary error within the handling of HTTP GET requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP GET request to the server.
This module exploits a remote buffer-overflow in MySQL servers using the yaSSL library. The overflow is located in the 'ProcessOldClientHello' function on the yaSSL library.
MySQL server has been reported prone to a buffer overflow vulnerability when handling user passwords of excessive size. The issue presents itself, due to a lack of sufficient bounds checking performed when processing MySQL user passwords. A password greater that 16 characters may overrun the bounds of a reserved buffer in memory and corrupt adjacent memory. An attacker with global administrative privileges on an affected MySQL server may potentially exploit this condition to have arbitrary supplied instructions executed in the context of the MySQL server. This exploit takes advantage of the described vulnerability in order to install an agent.
MySQL is reported prone to multiple vulnerabilities that can be exploited together by a remote authenticated attacker to execute arbitrary code. This exploit takes advantage of an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database.
Subscribe to Remote