CVE-2004-2265
UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...
CVE-2004-2265
UUDeview 0.5.20 and earlier insecurely handles temporary files during decoding in the UUDeview code path (uulib/uunconc.c), enabling local users to overwrite arbitrary files via a symlink/temporary filename issue, as used in nzbget before 0.3.0 and potentially other products. The vulnerability st...
FreeBSD : xpm -- image decoding vulnerabilities (ef253f8b-0727-11d9-b45d-000c41e2cdad)
Chris Evans discovered several vulnerabilities in the libXpm image decoder : - A stack-based buffer overflow in xpmParseColors - An integer overflow in xpmParseColors - A stack-based buffer overflow in ParsePixels and ParseAndPutPixels The X11R6.8.1 release announcement reads : This version is...
FreeBSD : tcpdump -- infinite loops in protocol decoding (9fae0f1f-df82-11d9-b875-0001020eed82)
Problem Description Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops. Impact An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump...
FreeBSD : gdk-pixbuf -- image decoding vulnerabilities (3d1e9267-073f-11d9-b45d-000c41e2cdad)
Chris Evans discovered several flaws in the gdk-pixbuf XPM image decoder: - Heap-based overflow in pixbuf_create_from_xpm - Stack-based overflow in xpm_extract_color - Integer overflows in io-ico.c Some of these flaws are believed to be exploitable.
FreeBSD-SA-05:10.tcpdump
FreeBSD-SA-05:10.tcpdump Security Advisory The FreeBSD Project Topic: Infinite loops in tcpdump protocol decoding Category: contrib Module: tcpdump Announced: 2005-06-09...
tcpdump -- infinite loops in protocol decoding
Problem Description Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops. Impact An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump...
IPSwitch IMAP Server LOGON Remote Stack Overflow
No description provided by source. / IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because of Windows SEH...
gxine: Format string vulnerability
Background gxine is a GTK+ and xine-lib based media player. Description Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. Impact A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the...
GLSA-200505-06 : TCPDump: Decoding routines Denial of Service vulnerability
The remote host is affected by the vulnerability described in GLSA-200505-06 (TCPDump: Decoding routines Denial of Service vulnerability). TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP (CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP (CAN-2005-1280) packets. TCPDump might loop...
TCPDump: Decoding routines Denial of Service vulnerability
Background TCPDump is a tool for network monitoring and data acquisition. Description TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP (CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP (CAN-2005-1280) packets. TCPDump might loop endlessly after receiving malformed packets. Impa...
Low: Red Hat Security Advisory: sharutils security update
An updated sharutils package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A stack based overflow bug was found i...
ImageMagick 6.x - '.PNM' Image Decoding Remote Buffer Overflow
source: https://www.securityfocus.com/bid/13351/info A remotely exploitable client-side buffer-overflow vulnerability affects ImageMagick. This issue occurs because the application fails to properly validate the length of user-supplied strings before copying them into static process buffers. An...
USN-92-1: LessTif vulnerabilities
Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image...
PT-2005-1545 · Curl +1
Name of the Vulnerable Software and Affected Versions: cURL versions 7.12.1 and possibly other versions Description: The issue arises from multiple stack-based buffer overflows in libcURL and cURL, allowing remote malicious web servers to execute arbitrary code. This occurs when base64 encoded...
CVE-2005-0453
The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 null character after the file extension...
GLSA-200501-19 : imlib2: Buffer overflows in image decoding
The remote host is affected by the vulnerability described in GLSA-200501-19 (imlib2: Buffer overflows in image decoding). Pavel Kankovsky discovered that several buffer overflows found in the libXpm library (see GLSA 200409-34) also apply to imlib (see GLSA 200412-03) and imlib2. He also fixed a number...
GLSA-200501-37 : GraphicsMagick: PSD decoding heap overflow
The remote host is affected by the vulnerability described in GLSA-200501-37 (GraphicsMagick: PSD decoding heap overflow). Andrei Nigmatulin discovered that handling a Photoshop Document (PSD) file with more than 24 layers in ImageMagick could trigger a heap overflow (GLSA 200501-26). GraphicsMagick is...
GLSA-200501-06 : tiff: New overflows in image decoding
The remote host is affected by the vulnerability described in GLSA-200501-06 (tiff: New overflows in image decoding). infamous41md found a potential integer overflow in the directory entry count routines of the TIFF library (CAN-2004-1308). Dmitry V. Levin found another similar issue in the tiffdump...
CVE-2005-0054
CVE-2005-0054 is a remote-code-execution vulnerability in Internet Explorer 5.01/5.5/6 where specially crafted HTML/URLs cause IE to interpret a page in the wrong security zone, potentially executing code in the Local Machine zone. The issue stems from how encoded hostnames are parsed for URLs, e...