2589 matches found
CVE-2008-5903
Array index error in the xrdpbitmapdefproc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the editpos structure member...
Debian DSA-1699-1 : zaptel - array index error
An array index error in zaptel, a set of drivers for telephony hardware, could allow users to crash the system or escalate their privileges by overwriting kernel memory CVE-2008-5396 . %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
zaptel多个驱动数组索引漏洞
BUGTRAQ ID: 32575 CVECAN ID: CVE-2008-5396,CVE-2008-5744 zaptel软件包是用于配置Zapata电话内核驱动的用户工具。 由于对ZTSPANCONFIG ioctl相关的sync字段缺少检查,导致Zaptel中的torisa.c驱动的torisaspanconfig函数和dahdi/tor2.c驱动的tor2spanconfig函数存在数组索引错误。dialout组中的本地用户可以通过写入/dev/zap/ctl覆盖内核内存中的整数值,导致拒绝服务或获得权限提升。 Diginum Zaptel 1.4.x Diginum Zapt...
CVE-2008-5744
Array index error in the dahdi/tor2.c driver in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...
Design/Logic Flaw
Array index error in the dahdi/tor2.c driver in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...
CVE-2008-5744
Array index error in the dahdi/tor2.c driver in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...
CVE-2008-5744
CVE-2008-5744 describes an array index error in the zaptel/DAHDI driver (dahdi/tor2.c) that allows local users in the dialout group to overwrite kernel memory by writing to /dev/zap/ctl. Affected: Zaptel/DAHDI versions up to 1.4.11 (and related patches). The root cause relates to an incorrect tor...
CVE-2008-5744
Array index error in the dahdi/tor2.c driver in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...
CVE-2008-5498
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the bgdcolor or clrBack argument for an indexed image...
CVE-2008-5498
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the bgdcolor or clrBack argument for an indexed image...
CVE-2008-5498
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the bgdcolor or clrBack argument for an indexed image...
CVE-2008-5701
Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service system crash via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the...
CVE-2008-5701
CVE-2008-5701 is a Linux kernel local denial-of-service vulnerability on 64-bit MIPS platforms caused by an array index error in arch/mips/kernel/scall64-o32.S. It affects kernel versions prior to 2.6.28-rc8, where an o32 syscall with a small number can trigger an out-of-bounds access to the sysc...
CVE-2008-5674
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service device crash and read portions of memory via 1 an invalid camnum parameter to the pocketpc component and 2 an invalid...
Design/Logic Flaw
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service device crash and read portions of memory via 1 an invalid camnum parameter to the pocketpc component and 2 an invalid...
CVE-2008-5674
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service device crash and read portions of memory via 1 an invalid camnum parameter to the pocketpc component and 2 an invalid...
Memory corruption
Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains...
Design/Logic Flaw
Array index error in the 1 torisa.c and 2 dahdi/tor2.c drivers in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZTSPANCONFIG...
CVE-2008-5396
Array index error in the 1 torisa.c and 2 dahdi/tor2.c drivers in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZTSPANCONFIG...
CVE-2008-5396
Array index error in the 1 torisa.c and 2 dahdi/tor2.c drivers in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZTSPANCONFIG...