1010 matches found
CVE-2004-0805
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file...
CVE-2004-1065
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file...
CVE-2004-1302
The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag...
CVE-2004-1308
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow...
CVE-2004-1309
Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field...
WinRAR 3.4.1 - Corrupt .ZIP File
WinRAR 3.4.1 - Corrupt .ZIP File / WinRAR 3.40 Buffer Overflow POC Thanks to Miguel Tarasco Acuna. He has made a wonderful code for Microsoft Windows Vulnerability in Compressed zipped Folders MS04-034 which I edited and made this code by. Coded by Vafa Khoshaein - [email protected]...
DXFScope 0.2 - Remote Client-Side Buffer Overflow
source: https://www.securityfocus.com/bid/11986/info A remote, client-side buffer overflow vulnerability reportedly affects the DXFscope utility. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it as the format specifier string in a...
WinRAR <= 3.4.1 Corrupt ZIP File Vulnerability PoC
Exploit for unknown platform in category local exploits ================================================== WinRAR include pragma pack1 define DATOS "email protected" typedef struct DWORD Signature; WORD VersionNeeded; WORD GeneralPurposeFlag; WORD CompressionMethod; WORD ModFileTime; WORD...
WinRAR 3.4.1 - Corrupt '.ZIP' File
/ WinRAR 3.40 Buffer Overflow POC Thanks to Miguel Tarasco Acuna. He has made a wonderful code for Microsoft Windows Vulnerability in Compressed zipped Folders MS04-034 which I edited and made this code by. Coded by Vafa Khoshaein - [email protected] Vulnerability discovery date : December 10...
abctab2ps 1.6.3 - Write_Heading .ABC Remote Buffer Overflow
abctab2ps 1.6.3 - Write_Heading .ABC Remote Buffer Overflow source: https://www.securityfocus.com/bid/12026/info abctab2ps is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied...
PCAL 4.x - Calendar File getline Remote Buffer Overflow
PCAL 4.x - Calendar File getline Remote Buffer Overflow source: https://www.securityfocus.com/bid/12035/info PCAL is prone to a buffer overflow vulnerability. This issue is exposed when the application handles a calendar file that contains excessively long lines. Since calendar files may originat...
Michael Kohn Ringtone Tools 2.22 - .EMelody File Remote Buffer Overflow
Michael Kohn Ringtone Tools 2.22 - .EMelody File Remote Buffer Overflow source: https://www.securityfocus.com/bid/12010/info Ringtone Tools is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copyi...
CVE-2004-0982
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL...
Debian DSA-565-1 : sox - buffer overflow
Ulf Harnhammar has reported two vulnerabilities in SoX, a universal sound sample translator, which may be exploited by malicious people to compromise a user's system with a specially crafted .wav file.
CVE-2004-1623
The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF...
Xpdf, CUPS: Multiple integer overflows
Background: Xpdf is an open source viewer for Portable Document Format (PDF) files. The Common UNIX Printing System (CUPS) is a cross-platform print spooler that includes some Xpdf code. Description: Chris Evans discovered multiple integer overflow issues in Xpdf. Impact: An attacker could entice an use...
Important: Red Hat Security Advisory: ImageMagick security update
Updated ImageMagick packages that fix various security vulnerabilities are now available. ImageMagick(TM) is an image display and manipulation tool for the X Window System. A heap overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted BMP file in...
Debian DSA-303-1 : mysql - privilege escalation
CAN-2003-0073: The mysql package contains a bug whereby dynamically allocated memory is freed more than once, which could be deliberately triggered by an attacker to cause a crash, resulting in a denial of service condition. In order to exploit this vulnerability, a valid username and password...