ASP.NET invalid components usage DoS

w2wp process can crash or exhaust resources on .Net applications written without “AspCompat” directive...

ASP.NET w3wp (COM Components) Remote Crash Exploit

Exploit for unknown platform in category dos / poc ================================================== ASP.NET w3wp COM Components Remote Crash Exploit ================================================== // w3wp-dos.c // include "stdafx.h" pragma comment lib,"ws232" include include include include...

w3wp remote DoS due to improper reference of STA COM components in ASP.NET

Often developers forget to use the “AspCompat” directive which is required while referencing COM components in ASP.NET. Missing AspCompat directive causes general instability and poor performance of the web application, just a simple increase of load on a web server may cause it to crash. After...

CVE-2006-0599

The 1 elog.c and 2 elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames...

CVE-2006-0599

The 1 elog.c and 2 elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames...

CVE-2006-0599

Removed by vendor...

Crossite browsing tracing attacks

Multiple browsing components allow to trace user browsing and to gather different information about user...

security flaw

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

[Full-disclosure] [SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 941-1 [email protected] http://www.debian.org/security/ Martin Schulze January 16th, 2006 http://www.debian.org/security/faq -...

CVE-2006-0197

The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including 1 the X server and 2 Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers t...

security flaw

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...

security flaw

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...

DEBIAN-CVE-2005-3627

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...

CVE-2005-3627

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...

DEBIAN-CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service crash via a crafted FlateDecode stream that triggers a null dereference...

CVE-2005-4459

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted 1 EPRT and 2 PORT FTP commands...

security flaw

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

security flaw

Multiple heap-based buffer overflows in the 1 DCTStream::readProgressiveSOF and 2 DCTStream::readBaselineSOF functions in the DCT stream parsing code Stream.cc in xpdf 3.01 and earlier, as used in products such as a Poppler, b teTeX, c KDE kpdf, d pdftohtml, e KOffice KWord, f CUPS, and g...

security flaw

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

ISS deployment manager detection

The remote host appears to run ISS deployment manager, connections are allowed to the web interface to remote install various SiteProtector components. Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition...