Winamp has a built-in minibrowser that displays information about the song
being played (enabled by default). For each song played in Winamp, the program
directs the minibrowser to a URL of the form:
http://info.Winamp.com/Winamp/WA.html?Alb=&Art=&Cid=Winamp&tid=&Track=Brick
where Winamp gets the title/artist/album information from the ID3v1/ID3v2 tags
in the MP3 file. A problem in the program has been found that allows an
attacker to include HTML tags in these fields (title/artist/album), causing the
program to execute malicious HTML and JavaScript code. This vulnerability is
effectively a Cross Site Scripting vulnerability...
The InterNetNews package (INN) is a complete Usenet system. It includes innd, an
NNTP server, and nnrpd, a newsreading server. INN separates hosts that feed you
news from those that have users reading news. Several security vulnerabilities
have been found in the product that allow attackers to cause the program to
execute arbitrary code.
LogWatch is a customizable, pluggable log-monitoring system. It will go through
your logs for a given period and make a report in the areas that you wish with
the detail that you wish. Easy to use - works right out of the package on
almost all systems. A race condition in the product can be used by local
attackers to gain root privileges. The following is an explanation of how to
exploit the vulnerability through the SSH daemon (and FTPd).
The program /usr/bin/mail is a simple mail user agent that can also be used in
batch mode, for example to send mail to the administrator when running cron
tasks. There is a local root compromise in all versions of OpenBSD, including
OpenBSD Current prior to April 9, 2002, due to a bug in the program
/usr/bin/mail. The following is an exploit code that can be used by
administrators to verify whether they are vulnerable or not. For additional
information on this vulnerability, please see our previous article:
/usr/bin/mail OpenBSD Local Root Compromise (Escaping Tilde)
Posadis DNS server is a simple DNS server designed for Win32 and Linux, which
will support administration through a web interface. The log_print function is
badly written, allowing an attacker to cause a format string vulnerability in
the product or overflow an internal buffer causing a buffer overflow
vulnerability, both of which allow remote code execution. The following are
exploit codes that can be used by administrators to test their systems for the
mentioned vulnerabilities.
GNU Awk (gawk) is a pattern scanning and processing language and implementation
of the AWK programming language. An exploitable stack overflow has been found
in the product that allows attackers to execute arbitrary code by overflowing
its internal buffers.
It is possible for a local user under the FreeBSD operating system to execute a
suid application with its stdin, stdout, or stderr closed. The following
exploit code can be used to test your system against the mentioned
vulnerability. For more information about the vulnerability, please see: Suid
Application Execution May Give Local Root.
psyBNC has a problem dealing with oversized passwords, making it possible to tie
up all the connection slots and consume a lot of CPU on the server.
Matu FTP is a Japanese FTP client software for Win32 Platform. An exploitable
buffer overflow problem has been found. The buffer overflow allows execution of
arbitrary code.
XTux Arena is a client server network game for X11 featuring open-source
mascots. Players can compete in a multiplayer death match mode (called holy
war) or play against the computer (cooperative multiplayer supported) in a
mission against Microsoft. A security vulnerability in the product allows
remote attackers to cause a denial of service attack against the product.
MTR is a network diagnostic tool that combines 'ping' and 'traceroute' into one
program. A security vulnerability in the product allows execution of arbitrary
code, and gaining of elevated privileges. It should be noted that MTR's author
does not recommend that the program be executed as setuid "root".
Citadel/UX is an advanced client/server BBS program for operating highly
interactive sites, both on the Internet and over dialup. Users can connect to
Citadel/UX using any of telnet, WWW, or "client software". Among the features
supported are public and private message bases (rooms), electronic mail,
real-time chat, paging, etc. The server is multithreaded and can easily support
a large number of concurrent users. In addition, SMTP and POP3 servers are
built-in for easy connection to Internet mail. Citadel/UX is both robust and
mature, having been developed over the course of the past twelve years. A
buffer overflow in the product allows an attacker to cause a denial of service
attack against the product.
SunSolve CD access CGIs allow remote attackers to cause the CGI to execute
arbitrary code by sending it a specially crafted HTTP request.
phpBB is a high powered, fully scalable, and highly customizable forums package.
phpBB has a user-friendly interface, simple and straightforward administration
panel, and helpful FAQ. The only way to get rid of your problem is to use the
term which follows in the input form: "mephisto". More security bugs are known.
A security vulnerability in the product allows attackers to cause it to execute
arbitrary code by including an external file (by causing the 'include'
directive to reference a file by URL instead of using the normal directory
access).
As we reported in our previous article: Buffer Overflow in /bin/login, a
security vulnerability in the product allows remote attackers to cause an
overflow in the /bin/login binary causing it to execute arbitrary code, thus
allowing gaining of arbitrary privileges.
As we reported in our previous article: Double Free Bug in Zlib Compression
Library, a security vulnerability in Zlib allows attackers to cause the program
to incorrectly double free a memory section causing a "denial of service attack".
The following is an example of an exploit that can be used against "OpenSSH".
LogWatch is a customizable, pluggable log-monitoring system. It will go through
your logs for a given period and make a report in the areas that you wish with
the detail that you wish. Easy to use - works right out of the package on
almost all systems. This is like DailyScript, but much, much better... and
designed for RHL5. A /tmp race condition in the product can be used by local
attackers to gain "root" privileges.
A security vulnerability in "Oracle9i" ("Unbreakable") Database Server has been
found. The vulnerability would allow remote attackers to cause the server's
TSNLISTEN service to crash, preventing any legitimate requests from being
handled by the remote server.
There is a remotely exploitable buffer overflow in all versions of the ICECast
MP3 streaming server. The vulnerability can be tested against by utilizing the
below exploit code.
"Tarantella Enterprise" has been found to contain a permissions problem on some of
its temporary files that are used during the installation process. This would
allow an attacker to gain elevated privileges.