155 matches found
Heap overflow
Heap-based buffer overflow in mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE:...
CVE-2007-2417
Heap-based buffer overflow in mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE:...
CVE-2007-2417
Heap-based buffer overflow in mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE:...
CVE-2007-2417
CVE-2007-2417 concerns a heap-based overflow in Progress OpenEdge’s Progress server component _mprosrv.exe. The vulnerability affects Progress OpenEdge 9.1E and 10.1x (via the Progress server) and can be triggered by crafted TCP packets received on the server, leading to potential remote code exe...
[Full-disclosure] TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability
TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-07-12.html July 12, 2007 -- CVE ID: CVE-2007-2417 -- Affected Vendor: Progress Software -- Affected Products: RSA Authentication Manager Progress Database -- TippingPointTM IPS...
CVE-2007-3491
Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...
Buffer overflow
Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...
CVE-2007-3491
Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...
CVE-2007-3491
CVE-2007-3491 concerns a buffer overflow in Progress OpenEdge’s _mprosrv (before 9.1E0422 and before 10.1B01 for 10.x) that can be triggered by a malformed TCP/IP message. The available documents identify the affected component (_mprosrv.exe) and the vulnerable versions, with an remote-access vec...
CVE-2007-2506
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...
Code injection
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...
CVE-2007-2506
This CVE concerns WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e and some 9.x variants. The vulnerability allows remote attackers to cause a denial of service (infinite loop and daemon hang) by requesting a messenger URL that calls _edit.r with no additional parameters, demonstr...
latest Progress patch has suid issues AGAIN.
Progress 9.1C11 Patch date 2002/04/26 http://www.progress.com/patches/patchlst/91C-178v.htm Once again by ignoring my warnings and suggestions and even offers to audit code prior to release for the public, Progress Software has happened upon a security hole. If you will recall from last month...
Multiple buffer overflows in Progress
Multiple buffer overflows, format string bugs, etc...
Progress Software suid overflows again.
Yet another b0f in progress software due to pstcopy Progress Software corp. http://www.progress.com STILL can't seem to validate user input... this is in their latest patch level for Progress 9.1C 91C09.tar.Z root@localhost bin cat ../version echo PROGRESS PATCH Version 9.1C09 as of February 26,...