CVE-2009-3160

IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue...

CVE-2009-3160

CVE-2009-3160 affects IBM WebSphere MQ 6.x up to 6.0.2.7 and 7.0.x (7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.1.0). The issue is related to a memory overwrite vulnerability when read-ahead or asynchronous message consumption is enabled. The provided documents describe an unspecified impact and unknown vecto...

Pidgin MSN SLP Packets Denial Of Service Vulnerability - Windows

Pidgin is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Memory corruption

The msnslplinkprocessmsg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin formerly Gaim before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash by sending multiple...

Design/Logic Flaw

DISPUTED The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE:...

PT-2009-5049 · Microsoft · Windows Xp +2

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 versions prior to SP1 Description: The issue allows local administrators to bypass unspecified security software and gain privileges via a crafted call that triggers ...

Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869)

Background: ========== ActionScript code is compiled into ActionScript Byte Code segments, loaded by AVM2 ActionScript Virtual Machine 2. These segments are described by the abcFile structure: abcFile u16 minorversion u16 majorversion cpoolinfo constantpool u30 methodcount methodinfo...

CVE-2009-2584

CVE-2009-2584 affects the SGI GRU driver in Linux kernels up to and including 2.6.30.2, on ia64 and x86 platforms. The vulnerability is an off-by-one error in the options_write function of drivers/misc/sgi-gru/gruprocfs.c that may allow a local user to overwrite arbitrary kernel memory via a craf...

ZDI-09-044: Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability

ZDI-09-044: Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-044 June 24, 2009 -- CVE ID: CVE-2009-1860 -- Affected Vendors: Adobe -- Affected Products: Adobe Acrobat -- TippingPointTM IPS Customer Protection:...

Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability

This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director...

Adobe Shockwave Player Pointer Memory Overwrite (APSB09-08; CVE-2009-1860)

Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. A memory overwrite vulnerability has been identified in Adobe Shockwave Player.The vulnerability is due to ...

kernel: cifs: memory overwrite when saving nativeFileSystem field during mount

Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service crash via a long nativeFileSystem field in a Tree Connect response to an SMB mount request...

Null pointer dereference

The RPC Marshalling Engine aka NDR in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that...

CVE-2009-0568

The RPC Marshalling Engine aka NDR in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that...

CVE-2009-0568

The CVE-2009-0568 issue affects the Windows RPC runtime (RPC Marshalling Engine/NDR) across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The root cause is the RPC Marshalling Engine failing to update its internal state, permitting a crafted RPC message to rea...

kernel: cifs: memory overwrite when saving nativeFileSystem field during mount

Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service crash via a long nativeFileSystem field in a Tree Connect response to an SMB mount request...

Debian DSA-1800-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a sensitive memory leak. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0028 Chris Evans discovered a situation in which ...

Mandriva Update for mplayer MDVSA-2008:196 (mplayer)

Check for the Version of mplayer OpenVAS Vulnerability Test Mandriva Update for mplayer MDVSA-2008:196 mplayer Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Cross site request forgery (csrf)

The TrendMicro Activity Monitor Module tmactmon.sys 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHODNEITHER IOCTL request to \Device\tmactmon that overwrites memory...

CVE-2009-0686

The TrendMicro Activity Monitor Module tmactmon.sys 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHODNEITHER IOCTL request to \Device\tmactmon that overwrites memory...