673 matches found
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
Multiple heap-based buffer overflows in INMOD.DLL aka the Module Decoder Plug-in in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details ar...
Mandriva Linux Security Advisory : libmikmod (MDVSA-2010:151)
A vulnerability has been discovered and corrected in libmikmod : Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file CVE-2009-3995. Packages for 2008.0 and 2009.0 are...
DEBIAN-CVE-2010-2546
Multiple heap-based buffer overflows in loaders/loadit.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and ITProcessEnvelope. NOTE: some of thes...
CVE-2010-2546
Multiple heap-based buffer overflows in loaders/loadit.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and ITProcessEnvelope. NOTE: some of thes...
Heap overflow
Multiple heap-based buffer overflows in loaders/loadit.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and ITProcessEnvelope. NOTE: some of thes...
libtiff: out-of-bounds read crash on images with invalid SamplesPerPixel values
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values...
DEBIAN-CVE-2009-3995
Multiple heap-based buffer overflows in INMOD.DLL aka the Module Decoder Plug-in in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details ar...
CVE-2009-3995
Multiple heap-based buffer overflows in INMOD.DLL aka the Module Decoder Plug-in in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details ar...
CVE-2009-3995
Multiple heap-based buffer overflows in INMOD.DLL aka the Module Decoder Plug-in in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details ar...
CVE-2009-3995
Multiple heap-based buffer overflows in INMOD.DLL aka the Module Decoder Plug-in in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details ar...
CVE-2009-3995
Multiple heap-based buffer overflows in INMOD.DLL aka the Module Decoder Plug-in in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted samples or 2 crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details ar...
FCKeditor connectors模块多个跨站脚本及目录遍历漏洞
CVECAN ID: CVE-2009-2324,CVE-2009-2265 FCKeditor是一款开放源码的HTML文本编辑器。 FCKeditor没有正确地验证用户对多个connector模块所传送的输入,远程攻击者可以利用samples目录中的组件注入任意脚本或HTML,或通过目录遍历攻击上传恶意文件。 FCKeditor = 2.6.4 从editor\filemanager\connectors中删除不使用的连接器 在config.ext中禁用文件浏览器 完全删除samples目录 厂商补丁: FCKeditor ---------...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples aka samples directory...
CVE-2009-2324
Multiple cross-site scripting XSS vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples aka samples directory...
AIX 610002 : U825561
The remote host is missing AIX PTF U825561 which is related to the security of the package X11.samples.fnt.util You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...
gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Time-to-sample (stss) atom data
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11, and GStreamer Plug-ins aka gstreamer-plugins 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample aka...
PYSEC-2009-16
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11, and GStreamer Plug-ins aka gstreamer-plugins 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample aka...
PYSEC-2009-16
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11, and GStreamer Plug-ins aka gstreamer-plugins 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample aka...
PYSEC-2009-14
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample ctts atom data in a malformed QuickTime medi...
Oracle BEA Weblogic 10 Cross Site Scripting
Digital Security Research Group DSecRG Advisory DSECRG-09-002 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs: Multiple XSS Vulnerabilities in samples Exploits: YES Reported: 16.07.2008 Vendor response: 18.07.2008 Last response:...