CVE-2008-1685

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer...

CVE-2008-1685

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer...

CVE-2008-1685

CVE-2008-1685 affects GNU Compiler Collection versions 4.2.0–4.3.0. The issue is that when casts are not used, the sum of a pointer and an int may be considered >= the pointer, which can lead to removal of length-testing code intended as protection against integer overflow and buffer overflow,...

PT-2008-1164 · Gnu · Gnu Compiler Collection

Name of the Vulnerable Software and Affected Versions: GNU Compiler Collection versions 4.2.0 through 4.3.0 Description: The issue is related to the incorrect handling of the sum of a pointer and an integer as greater than or equal to the pointer without using casts. This might lead to the remova...

DEBIAN-CVE-2008-1367

gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag DF from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signa...

Debian Security Advisory DSA 1170-1 (gcc-3.4)

The remote host is missing an update to gcc-3.4 announced via advisory DSA 1170-1. Jürgen Weigert discovered that upon unpacking JAR archives fastjar from the GNU Compiler Collection does not check the path for included files and allows to create or overwrite files in upper directories. OpenVAS...

Debian: Security Advisory (DSA-1170)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2003-1474

slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris...

CVE-2003-1473

Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable...

CVE-2003-1473

Summary of CVE-2003-1473 : A buffer overflow in LTris 1.0.1 (FreeBSD Ports Collection up to 2003-02-25 and earlier) allows local users to execute arbitrary code with gid "games" privileges by supplying a long HOME environment variable. Exploitation details, affected versions, and remediation are ...

CVE-2003-1474

CVE-2003-1474 concerns the FreeBSD Ports Collection component slashem-tty, which is reported to be installed with write permissions for the games group. The provided documents state that local users with games group privileges can modify slashem-tty and execute arbitrary code as other users, leve...

openSUSE 10 Security Update : seamonkey (seamonkey-1952)

This security update brings Mozilla SeaMonkey to version 1.0.4. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - CVE-2006-3801/MFSA 2006-44: Code execution through deleted frame reference...

Unfixed XSS vulnerability at www.royalcollection.org.uk

Security researcher www.r3t.n3t.nl, has submitted on 30/09/2007 a cross-site-scripting XSS vulnerability affecting www.royalcollection.org.uk, which at the time of submission ranked 186807 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

Update Protection against Sun Microsystems Java System Web Proxy sockd Daemon Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in the Java System Web Proxy sockd daemon. Java System Web Proxy Server collects and distributes data from the network. It provides protocol support for SOCKS - an Internet protocol that allows client-server applications to transparently use the...

Design/Logic Flaw

Guidance Software EnCase does not properly handle 1 certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; 2 NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain...

Unfixed XSS vulnerability at www.audi-collection.com

Security researcher A.D.T, has submitted on 19/05/2007 a cross-site-scripting XSS vulnerability affecting www.audi-collection.com, which at the time of submission ranked 900168 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/05/2007. It is...

Default credentials

Cisco Network Services CNS NetFlow Collection Engine NFC before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system...

CVE-2007-2282

Cisco NetFlow Collection Engine (NFC) before version 6.0 is affected by a default credentials issue: the nfcuser account uses a default password, allowing remote attackers to modify NFC configuration and, on Linux, gain login access to the host OS. This is due to default accounts in NFC prior to ...

Cisco NetFlow Collection Engine contains known default passwords

Overview A vulnerability in the Cisco NetFlow Collection Engine could allow a remote attacker to gain access to a vulnerable system. Description The Cisco Network Services CNS NetFlow Collection Engine NFC is a software package for supported UNIX platforms and is used to collect and monitor NetFl...

Default Passwords in NetFlow Collection Engine

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...