1417 matches found
libpng: Multiple vulnerabilities
Background: libpng is the official PNG reference library used to read, write and manipulate PNG images. Description: Multiple vulnerabilities were discovered in libpng: A memory leak bug was reported in png_handle_tEXt, a function that is used while reading PNG images (CVE-2008-6218). A memory overwrit...
Adobe PDF exploit code analysis
Websense researcher Hermes Li has posted a blow-by-blow walkthrough with screenshots of the Adobe Acrobat/Reader vulnerability that’s currently under attack. Excerpt from the blog post: “This vulnerability is different than the one found at the end of last year Exploit Action with PDF OpenAction ...
WinFTP 2.4.0 Buffer Overflow
#!/usr/bin/perl WinFTP 2.3.0 post-auth remote exploit. www.wftpserver.com root@halcyon:/Exploits/WinFTP perl winftp-remote.pl Usage: winftp-remote.pl Target: 1 - Win2k Target: 2 - WinXP sp2/3 DoS only root@halcyon:/Exploits/WinFTP perl winftp-remote.pl 10.0.0.5 user1 pass1 1 = Connected. = Sending...
WinFTP 2.3.0 (LIST) Remote Buffer Overflow Exploit (post-auth)
Exploit for unknown platform in category remote exploits. WinFTP 2.3.0 LIST Remote Buffer Overflow Exploit post-auth. #!/usr/bin/perl WinFTP 2.3.0 post-auth remote exploit...
libpng pngwutil.c NULL pointer Vulnerability
The host has libpng installed and is prone to a memory overwrite vulnerability. OpenVAS Vulnerability Test $Id: secpodlibpngnullpntrvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ libpng pngwutil.c NULL pointer Vulnerability Authors: Chandan S Copyright: Copyright (c) 2009 SecPod, http://www.secpod.org...
libpng pngwutil.c NULL pointer Vulnerability
libpng is prone to a memory overwrite vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-5725
The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory...
CVE-2008-5724
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory...
CVE-2008-5731
The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a "Driv...
CVE-2008-5725
The CVE affects the NT kernel-mode driver pstrip.sys (versions 5.0.1.1 and earlier) used by EnTech Taiwan PowerStrip (3.84 and earlier). The vulnerability arises from certain IRP parameters in an IOCTL sent to \Device\Powerstrip1, which can overwrite portions of memory and enable local privilege ...
Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209)
Update to SEC Consult Security Advisory 20081210-0: Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability. Summary: By calling the extended stored procedure sp_replwritetovarbin, an attacker ca...
Heap overflow
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2...
CVE-2008-5416
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2...
[Full-disclosure] SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability
SEC Consult Security Advisory 20081209-0. title: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability program: Microsoft SQL Server 2000 vulnerable version: =8.00.2039 homepage:...
Design/Logic Flaw
The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of...
CVE-2008-5284
The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of...
CVE-2008-5284
The CVE-2008-5284 issue affects multiple products where the web server component can crash due to a crafted HTTP Content-Length header with a negative value. Affected are IEA Software RadiusNT/RadiusX (versions 5.1.38 up to but not including 5.1.44), Emerald (5.0.49 up to before 5.0.52), Air Mars...
CVE-2008-4558
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison...