194 matches found
Malformed GIF images could allow execution of arbitrary code
When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a...
RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass
The version of MySQL Enterprise Server 5.0 installed on the remote host is earlier than 5.0.70. In such versions, it is possible for a local user to circumvent privileges through the creation of MyISAM tables employing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table...
ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities
security flaw
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...
Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)
Microsoft Excel - Malformed Palette Record Denial of Service PoC MS07-002 """ MS07-002 EXCEL Malformed Palette Record Vulnerability DOS POC Author LifeAsaGeek at gmail.com ... and Microsoft said that vuln credit is for Greg MacManus of iDefense Labs Vulnerability Description Bound error occurs whe...
Multiple vulnerabilities in TK8 Safe v.3.0.5
Multiple vulnerabilities in TK8 Safe v.3.0.5 July 3, 2006 ---- Summary: TK8 Safe www.tk8.com is a password management application, which stores authentication details and other sensitive data in encrypted local folders. A number of issues have been discovered in version 3.0.5 of the application...
CVE-2006-0691
CVE-2006-0691 concerns TTS Time Tracking Software 3.0. The vulnerability lies in edituser.php, which does not verify that the provided name and password are correct, enabling remote attackers to overwrite arbitrary data belonging to any account. Affected component: edituser.php in Time Tracking S...
CVE-2006-0539
The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data."...
CVE-2004-2591
The CVE-2004-2591 issue affects ButtUglySoftware CleanCache 2.19. The vulnerability arises from the data-overwrite capability not properly overwriting data in files, allowing recovery of previously stored data. According to the records, the impact is partial confidentiality with a local attack ve...
CVE-2004-2591
The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data...
[SA16375] XMB Forum Server Set Variable Overwrite and SQL Injection
CVE-2002-1870
Simple Web Server SWS 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution...