Debian DSA-176-1 : gv - buffer overflow
Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges o...
Buffer overflow in Zinf 2.2.1 for Win32
I don't know why this bug has not been tracked but moreover I don't completely know why it has not been fixed yet in the Windows version of Zinf. In short, Zinf is an audio player for Linux and Windows: http://www.zinf.org The latest Linux version is 2.2.5 while the latest Windows version is 2.2....
evil_song.py
POC Exploit for SoX Stack Overflow Vulnerability found by Ulf Harnhammar Tested Under Slackware 9.1 Serkan Akpolat [email protected] | [email protected] Homepage: http://deicide.siyahsapka.org Greets to: Virulent deicide@gate:$ play britney.wav sh-2.05b$ "jmp %esp" from libc.so , change this ...
SoX Local Buffer Overflow Exploiter (Via Crafted WAV File)
Exploit for linux platform in category local exploits ========================================================== SoX Local Buffer Overflow Exploiter Via Crafted WAV File ========================================================== --------------------------------- Begin Code: sox-exploiter.c...
SoX - '.wav' Local Buffer Overflow
//--------------------------------- Begin Code: sox-exploiter.c --------------------------------- / Copyright Rosiello Security 2004 http://www.rosiello.org CVE Reference: CAN-2004-0557 Bug Type: Stack Overflow Date: 01/08/2004 Ulf Harnhammar reported that there are two buffer overflows in the...
Esearch: Insecure temp file handling
Background Esearch is a replacement for the Portage command "emerge search". It uses an index to speed up searching of the Portage tree. Description The eupdatedb utility uses a temporary file /tmp/esearchdb.py.tmp to indicate that the eupdatedb process is running. When run, eupdatedb checks to s...
Microsoft Windows WMF/EMF Image Formats Remote Buffer Overflow Vulnerability
Description It has been reported that Windows may be prone to a remote buffer overflow vulnerability when rendering WMF/EMF image files. An attacker could create a malicious WMF or EMF file and entice a user to view the file via an application that supports the WMF and EMF formats. Immediate...
UUDeview MIME Buffer Overflow
Background UUDeview is a program which is used to transmit binary files over the Internet in a text-only format. It is commonly used for email and Usenet attachments. It supports multiple encoding formats, including Base64, BinHex and UUEncoding. Description By decoding a MIME archive with...
Directory traversal in RealPlayer allows code execution
OVERVIEW ======== RealPlayer is a popular multimedia player developed by RealNetworks. One of its features is RMP files, RealJukebox Metadata Packages. These are XML formatted files which may contain e.g. playlists, references to skin files .rjs, and information about related web pages. A...
Les Commentaires (PHP) Include file
Information : °°°°°°°°°°°°°° Website : http://www.phpscripts-fr.net Version : all Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° config/fonctions.lib.php dernierscommentaires.php admin.php ------------------------------------------------------------------ if !isset$rep $rep = './...
CVE-2003-0765
The INMIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value...
Winamp 2.91 lets code execution through MIDI files
Luigi Auriemma Application: Winamp http://www.winamp.com and http://classic.winamp.com Versions: Winamp 2.91 using INMIDI.DLL 3.01 Winamp 3 crashes but I have not found methods to execute code Platforms: Windows Bugs: Code execution through malformed MIDI files Risk: medium/high exploitation has...
CVE-2003-0577
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size...
EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption
Windows MIDI Decoder QUARTZ.DLL Heap Corruption Release Date: July 23, 2003 Severity: High Remote Code Execution Systems Affected: Windows 98 Windows 98 SE Windows Millennium Edition Windows NT 4.0 Windows NT 4.0, Terminal Server Edition Windows 2000 Windows XP Windows Server 2003 Description: A...
Man 1.5.1 - Catalog File Format String
// source: https://www.securityfocus.com/bid/7812/info A vulnerability has been reported in the man utility. The problem is said to occur due to a format string bug when handling a catalog file. As a result, an attacker may be capable of writing arbitrary values to sensitive locations within...
ChiTeX 6.1.2 - Local Privilege Escalation
source: https://www.securityfocus.com/bid/7263/info A vulnerability in ChiTex has been reported that may allow local users to obtain root privileges on vulnerable systems. The vulnerability exists due to the existence of two setuid root binaries that execute the 'cat' program without an absolute...
AutomatedShops WebC 2.05.0 - Symbolic Link Following Configuration File
source: https://www.securityfocus.com/bid/7272/info It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a...
CVE-2003-0141
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the...
Important: Red Hat Security Advisory: apache, openssl, php security update for Stronghold
Updated versions of Stronghold 3.0 are available to fix a number of vulnerabilities in OpenSSL, Apache, and PHP. Stronghold 3.0 contains a number of open source technologies such as OpenSSL, Apache, and PHP. The following paragraphs describe a number of issues that have been found in versions of...