VLC Media Player WAV文件缓冲区溢出漏洞

BUGTRAQ ID: 30058 CVE ID：CVE-2008-2430 CNCVE ID：CNCVE-20082430 VLC media player是一款流行的媒体播放器。 VLC media player处理WAV文件存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序权限执行任意指令。 modules/demux/wav.c文件中的"Open"函数存在一个整数溢出，构建包含超大"fmt"块的WAV文件，诱使用户访问，可触发基于堆的溢出，可能以应用程序权限执行任意指令。 VideoLAN VLC media player 0.8.6 h 升级程序： VideoLAN VLC...

Wordtrans-web exec_wordtrans Function Arbitrary Command Execution

The remote host is running wordtrans-web, a web-based front-end for wordtrans, for translating words. The version of wordtrans-web installed on the remote host fails to sanitize input to the 'advanced' parameter of the 'wordtrans.php' script before using it in an 'passthru' statement to execute P...

Avaya产品WEB管理接口输入验证漏洞

BUGTRAQ ID: 29939,29938 Avaya是一家提供IP通信以及面向企业的通信网络设计、建造、部署和管理的厂商。 Avaya的Communication Manager、Message Storage Server和Avaya SIP Enablement Services 产品的WEB管理接口存在输入验证错误，如果远程攻击者向上述产品的WEB管理接口提交了恶意请求的话，就可能导致读取敏感信息或执行任意指令。 0 AVAYA Communication Manager 4.x AVAYA Communication Manager 3.1.x AVAYA SIP...

Linux Kernel BER解码缓冲区溢出漏洞

BUGTRAQ ID: 29589 CVECAN ID: CVE-2008-1673 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的cifs和ipnatsnmpbasic模块中的ASN.1 BER解码器没有正确地计算缓冲区大小，如果远程攻击者向有漏洞的系统发送了特制的BER编码数据的话，就可以触发缓冲区溢出，导致拒绝服务或执行任意指令。 Linux kernel 2.6.x Linux kernel 2.4.x Debian ------ Debian已经为此发布了一个安全公告（DSA-1592-2）以及相应补丁: DSA-1592-2：N...

CVE-2008-2575

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a 1 ZIP aka .cbz or 2 RAR aka .cbr archive filename...

Matt Wright guestbook.pl Arbitrary Command Execution

The Matt Wright guestbook.pl 'Matt Wright guestbook.pl Arbitrary Command Execution', 'Description' = %q The Matt Wright guestbook.pl 'aushack' , 'License' = MSFLICENSE, 'References' = 'CVE...

LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name

Overview LHA is vulnerable to arbitrary command execution due to improper handling of directory names cantaining shell metacharacters. Impact An remote attacker could execute arbitrary command. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...

lv Arbitrary Command Execution Vulnerability

Overview lv contains a vulnerability of reading and running a .lv file in the current directry. Impact An attacker could execute arbitrary command as other users with the privilege of the user running lv. Solution Please refer to the 'Vendor Information' section of this advisory for official...

Ruby XMLRPC Arbitrary Command Execution Vulnerability

Overview utils.rb in The Ruby XMLRPC server sets an insecure default value for the publicinstancemethods function, which could cause the highly privileged function to be exposed. Impact An attacker could execute arbitrary command on the system running Ruby XMLRPC. Solution Please refer to the...

Sql injection

SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to 1 view.php and 2 topview.php...

Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities

The remote host is running RedHat or Fedora Directory Server Admin Service. The version of this software installed on the remote host is vulnerable to remote command execution flaw through the argument 'admurl' of the script '/bin/admin/admin/bin/download'. A malicious user could exploit this fla...

Fedora 8 : comix-3.6.4-6.fc8 (2008-2981)

Several security flaws are reported against comix 3.6.4. One issue is that comix uses os.popen to execute external commands without handling filenames properly. This may allow malicios users to execute arbitrary commands by opening some files with crafted names. This issue is now identified as...

Orbit Downloader URL处理栈溢出漏洞

BUGTRAQ ID: 28541 CVECAN ID: CVE-2008-1602 Orbit Downloader是用于从视频共享网站下载流媒体的下载管理器。 Orbit downloader没有正确地将URL ASCII字符串转换为Unicode，如果用户从特制的URL下载了文件的话就可能导致执行任意指令。 如果Orbit无法下载文件的话，就会在通知区域弹出气球控制： /----------- .text:004A56D0 sub4A56D0 proc near ; CODE XREF: sub42AAC0+321 p .text:004A56D0 ; sub439610+321 ...

CVE-2008-1568

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs...

CVE-2008-1568

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs...

CVE-2008-1568

Summary: CVE-2008-1568 affects the Comix GTK comic viewer. The vulnerability arises when filenames containing shell metacharacters are passed to the external tools rar, unrar, or jpegtran, allowing arbitrary command execution. A related issue (CVE-2008-1796) concerns directory name predictability...

[EXPL] Sun Solaris rpc.ypupdated Arbitrary Command Execution (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Versant Connection Services Daemon Arbitrary Command Execution

The version of the Versant Object Database installed on the remote host accepts input supplied by the client and uses it to launch needed programs or locate database files. An unauthenticated, remote attacker can leverage this issue to execute arbitrary commands on the affected host subject to th...

Programmer's Notepad ctags栈缓冲区溢出漏洞

BUGTRAQ ID: 28119 Programmer's Notepad是免费的开源文本编辑器。 Programmer's Notepad在处理ctags输出时存在栈溢出漏洞，攻击者可能利用此漏洞控制用户系统。 如果用户受骗打开了特制的.c文件并使用了Jump To对话框的话，就可以触发这个溢出，导致执行任意指令。 pnotepad.org Programmer's Notepad 2.0.6.1 pnotepad.org ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Microsoft Works File Converter index table vulnerability

Added: 02/22/2008 CVE: CVE-2008-0105 BID: 27658 OSVDB: 41458 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows arbitrary command execution when a user opens a .w...