unace -- multiple vulnerabilities

Ulf Härnhammar reports: There are buffer overflows when extracting, testing or listing specially prepared ACE archives. There are directory traversal bugs when extracting ACE archives. There are also buffer overflows when dealing with long 17000 characters command line arguments. Secunia reports:...

IBM AIX auditselect format string bug

Buffer overflow on parsing command line argument...

CVE-2004-1131

Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments...

SCO OpenServer scosession buffer overflow

Buffer overflow on command line parsing...

CVE-2003-1053

Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long 1 -KCONV command line option or 2 XSHISENLIB environment variable...

xshisen -- local buffer overflows

Steve Kemp has found buffer overflows in the handling of the command line flag -KCONV and the XSHISENLIB environment variable. Ulf Härnhammer has detected an unbounded copy from the GECOS field to a char array. All overflows can be exploited to gain group games privileges...

CVE-2004-1114

Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777...

CVE-2004-2159

Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via 1 xmlelem.c and 2 xmlselect.c...

CVE-2004-1772

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument...

CVE-2004-2552

Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privileg...

CVE-2004-0780

Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument...

CVE-2004-2552

Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privileg...

rssh/rcponly protection bypass

Restricted application can be executed with command line of allowed application...

CVE-2004-1114

Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777...

SecureCRT - Remote Command Execution

======================================================================== = SecureCRT - Remote Command Execution = = Vendor Update: = http://www.vandyke.com/download/securecrt/index.html = = Affected Software: = SecureCRT V4.1, V4.0 and probably lower = = Public disclosure on November 23, 2004...

[SA13191] Skype "callto:" URI Handler Buffer Overflow Vulnerability

TITLE: Skype "callto:" URI Handler Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA13191 VERIFY ADVISORY: http://secunia.com/advisories/13191/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Skype for Windows 1.x http://secunia.com/product/4250/ DESCRIPTION: A...

GLSA-200410-08 : ncompress: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200410-08 ncompress: Buffer overflow compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. Impact : By supplying a carefully crafted...

Debian DSA-307-1 : gps - multiple vulnerabilities

gPS is a graphical application to watch system processes. In release 1.1.0 of the gps package, several security vulnerabilities were fixed, as detailed in the changelog : - bug fix on rgpsp connection source acceptation policy it was allowing any host to connect even when the /etc/rgpsp.conf file...

Debian DSA-168-1 : php - bypassing safe_mode, CRLF injection

Wojciech Purczynski found out that it is possible for scripts to pass arbitrary text to sendmail as commandline extension when sending a mail through PHP even when safemode is turned on. Passing 5th argument should be disabled if PHP is configured in safemode, which is the case for newer PHP...

Debian DSA-377-1 : wu-ftpd - insecure program execution

wu-ftpd, an FTP server, implements a feature whereby multiple files can be fetched in the form of a dynamically constructed archive file, such as a tar archive. The names of the files to be included are passed as command line arguments to tar, without protection against them being interpreted as...