Lucene search
K

842 matches found

seebug.org
seebug.org
added 2009/01/08 12:0 a.m.21 views

Audacity '.aup'项目文件解析缓冲区溢出漏洞

BUGTRAQ ID: 33160 CNCAN ID:CNCAN-2009010801 Audacity是一款数码音效处理程序。 Audacity处理'.aup'文件存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 构建包含超长字符的'.aup'文件,诱使用户使用Audacity导入,可导致以应用程序权限执行任意指令。 Audacity 1.6.2 厂商解决方案 目前没有详细解决方案提供: http://audacity.sourceforge.net/ http://www.sebug.net/exploit/5573/...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2008/12/05 12:0 a.m.11 views

RadASM .rap项目文件缓冲区溢出漏洞

BUGTRAQ ID: 32617 RadASM是一款WIN32汇编编辑器,支持MASM、TASM等多种汇编编译器。 如果用户受骗使用RadASM打开了恶意的.rap项目文件并通过Group密钥向缓冲区提供了超长输入的话,就可能触发缓冲区溢出,导致覆盖内存中存储的WindowCallProcA指针并执行任意代码。 Ketil O RadASM 2.2.1.4 Ketil O ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.radasm.com/...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2008/12/04 12:0 a.m.19 views

radasm-hijack.txt

!/usr/bin/perl RadAsm Building poc.rap..\n"; print "- poc.rap Created have unf :\n"; win32exec - EXITFUNC=process CMD=calc.exe Size=351 Encoder=PexAlphaNum http://metasploit.com my $shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"...

7.4AI score
Exploits0
Prion
Prion
added 2008/11/13 2:30 a.m.30 views

Heap overflow

Off-by-one error in the getunicodename function libclamav/vbaextract.c in Clam Anti-Virus ClamAV before 0.94.1 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow...

9.3CVSS7.9AI score0.08293EPSS
Exploits1References25Affected Software1
UbuntuCve
UbuntuCve
added 2008/11/13 2:30 a.m.31 views

CVE-2008-5050

Off-by-one error in the getunicodename function libclamav/vbaextract.c in Clam Anti-Virus ClamAV before 0.94.1 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow...

9.3CVSS6.5AI score0.08293EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2008/11/13 1:0 a.m.26 views

CVE-2008-5050

Off-by-one error in the getunicodename function libclamav/vbaextract.c in Clam Anti-Virus ClamAV before 0.94.1 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow...

9.3CVSS7.5AI score0.08293EPSS
Exploits1
securityvulns
securityvulns
added 2008/11/10 12:0 a.m.25 views

ClamAV get_unicode_name() off-by-one buffer overflow

----------------------------------------------------------------- ClamAV getunicodename off-by-one buffer overflow Copyright c 2008 Moritz Jodeit [email protected] 2008/11/08 ----------------------------------------------------------------- Application details: From http://www.clamav.net/: "Clam...

0.2AI score
Exploits0
Prion
Prion
added 2007/06/28 6:30 p.m.13 views

Design/Logic Flaw

PCSoft WinDEV 11 01F110053p allows user-assisted remote attackers to cause a denial of service infinite loop and resource consumption via a malformed WDP project file...

7.1CVSS7.1AI score0.02123EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/06/28 6:30 p.m.14 views

CVE-2007-3480

PCSoft WinDEV 11 01F110053p allows user-assisted remote attackers to cause a denial of service infinite loop and resource consumption via a malformed WDP project file...

7.1CVSS6.6AI score0.02123EPSS
Exploits0References3
NVD
NVD
added 2007/06/28 6:30 p.m.15 views

CVE-2007-3479

Stack-based buffer overflow in PCSoft WinDEV 11 01F110053p allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file...

6.8CVSS8AI score0.03482EPSS
Exploits0References4
Prion
Prion
added 2007/06/28 6:30 p.m.14 views

Stack overflow

Stack-based buffer overflow in PCSoft WinDEV 11 01F110053p allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file...

6.8CVSS8.6AI score0.03482EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/06/28 6:0 p.m.20 views

CVE-2007-3479

Stack-based buffer overflow in PCSoft WinDEV 11 01F110053p allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file...

8AI score0.03482EPSS
Exploits0References4
CVE
CVE
added 2007/06/28 6:0 p.m.40 views

CVE-2007-3480

CVE-2007-3480 affects PCSoft WinDEV 11, where the WDP project file handling is vulnerable to a denial of service via a malformed WDP project file. The issue enables user‑assisted remote attackers to trigger an infinite loop and increased resource consumption. The provided connected documents conf...

7.1CVSS6.6AI score0.02123EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/06/28 6:0 p.m.41 views

CVE-2007-3479

PCSoft WinDEV 11 is affected by a stack-based buffer overflow in the handling of the "used DLL" field within a WDP project file. The vulnerability allows a user-associated (user-assisted) remote attacker to execute arbitrary code by supplying a sufficiently long string in the affected field, as d...

6.8CVSS8AI score0.03482EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2007/01/23 12:28 a.m.14 views

Stack overflow

Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project .HPJ file with a long HLP field in the OPTIONS section...

9.3CVSS8.4AI score0.30965EPSS
Exploits5References6Affected Software1
CVE
CVE
added 2006/01/12 11:0 a.m.50 views

CVE-2006-0187

CVE-2006-0187 concerns Microsoft Visual Studio 2005, where code in the Load event of a user-defined control (UserControl1_Load) runs automatically by design. This behavior could let a user-assisted attacker execute arbitrary code by tricking a user into opening a malicious Visual Studio project f...

5.1CVSS7.3AI score0.19085EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2006/01/12 6:2 a.m.14 views

CVE-2006-0187

By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control UserControl1Load function, which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file...

5.1CVSS7.3AI score0.19085EPSS
Exploits1References5
exploitpack
exploitpack
added 2006/01/12 12:0 a.m.13 views

Microsoft Visual Studio - UserControl Remote Code Execution (1)

Microsoft Visual Studio - UserControl Remote Code Execution 1 source: https://www.securityfocus.com/bid/16225/info Microsoft Visual Studio is prone to a vulnerability that could allow remote attackers to execute arbitrary code. This issue stems from a design flaw that executes code contained in a...

8.1AI score
Exploits0
exploitpack
exploitpack
added 2006/01/12 12:0 a.m.12 views

Microsoft Visual Studio - UserControl Remote Code Execution (2)

Microsoft Visual Studio - UserControl Remote Code Execution 2 source: https://www.securityfocus.com/bid/16225/info Microsoft Visual Studio is prone to a vulnerability that could allow remote attackers to execute arbitrary code. This issue stems from a design flaw that executes code contained in a...

8.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/01/12 12:0 a.m.18 views

Microsoft Visual Studio - UserControl Remote Code Execution (2)

source: https://www.securityfocus.com/bid/16225/info Microsoft Visual Studio is prone to a vulnerability that could allow remote attackers to execute arbitrary code. This issue stems from a design flaw that executes code contained in a project file without first notifying users. Exploiting this...

7.4AI score
Exploits0
Rows per page
Query Builder