15 matches found
Cacti < 0.8.6e Multiple Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.6e. It is, therefore, potentially affected by the following vulnerabilities : - A PHP file inclusion vulnerability exists in 'topgraphheader.php' that allows remote...
CVE-2008-1881
Stack-based buffer overflow in the ParseSSA function modules/demux/subtitle.c in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681...
Stack overflow
Stack-based buffer overflow in the ParseSSA function modules/demux/subtitle.c in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681...
CVE-2008-1881
Stack-based buffer overflow in the ParseSSA function modules/demux/subtitle.c in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681...
CVE-2008-1881
VLC 0.8.6e contains a stack-based buffer overflow in ParseSSA (modules/demux/subtitle.c) that can be triggered by a long SSA subtitle, allowing remote code execution. This CVE is CVE-2008-1881; related OpenVAS and Debian advisories document the issue as a real vulnerability and note Debian/ Gento...
Integer overflow
Integer overflow in the MP4ReadBoxrdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984...
DEBIAN-CVE-2008-1489
Integer overflow in the MP4ReadBoxrdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984...
CVE-2008-1489
Integer overflow in the MP4ReadBoxrdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984...
CVE-2008-1489
Integer overflow in the MP4ReadBoxrdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984...
CVE-2008-1489
Integer overflow in the MP4ReadBoxrdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984...
VLC highlander bug
The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e, in fact buffertext2 in ParseSSA is still unchecked: if sscanf s, "Dialogue: ^,,d:d:d.d,d:d:d.d,81920^rn", buffertext2, The funny thing is that my old proof-of-concept was built just to test this...
VLC <= 0.8.6e Subtitle Parsing Local Buffer Overflow Exploit
No description provided by source. / VLC =0.8.6.e Subtitle parsing local buffer overflow exploit Creadit to [email protected] vs Look2Me @ Tested on windows XP Pro SP2 / include stdio.h include stdlib.h include string.h char ssaheader= "Script Info\r\n" "Title: VLC = 0.8.6c,e buffer-overflow\r\n"...
VLC <= 0.8.6e Subtitle Parsing Local Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ============================================================ VLC include include char ssaheader= "Script Info\r\n" "Title: VLC = 0.8.6c,e buffer-overflow\r\n" "ScriptType: v4.00\r\n" "Collisions: Normal\r\n" "V4 Styles\r\n" "Events\r\n"...
CVE-2005-1525
SQL injection vulnerability in configsettings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter...
DEBIAN-CVE-2005-1525
SQL injection vulnerability in configsettings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter...