Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)

This host is missing a critical security update according to Microsoft Bulletin MS09-061. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Apple Safari / WebKit DoS

Stack overflow stack memory exhaustion on eval expression parsing...

CVE-2009-2726

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 do...

Code injection

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 do...

CVE-2009-2726

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 do...

CVE-2009-2726

CVE-2009-2726 affects the Asterisk SIP channel driver and is a DoS due to improper input handling in sscanf-style processing of SIP packets. Affected products and versions include Asterisk Open Source 1.2.x up to 1.2.34, 1.4.x up to 1.4.26.1, 1.6.0.x up to 1.6.0.12, 1.6.1.x up to 1.6.1.4, along w...

AST-2009-005: Remote Crash Vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2009-005 +------------------------------------------------------------------------+ | Product | Asterisk | |---------------------+--------------------------------------------------| | Summary | Remote Crash Vulnerability in SIP channel driver |...

Microsoft Video ActiveX control stack buffer overflow

Overview The Microsoft Video ActiveX control contains a stack buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows comes with an ActiveX component called "ActiveX control for streaming...

Sorinara Streaming Audio Player Stack Overflow Vulnerability

Sorinara Streaming Audio Player is prone to a stack overflow vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for rsync vulnerability USN-500-1

Ubuntu Update for Linux kernel vulnerabilities USN-500-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5001.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for rsync vulnerability USN-500-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Windows Server Service buffer overflow MS08-067

Added: 10/24/2008 CVE: CVE-2008-4250 BID: 31874 OSVDB: 49243 Background The Windows Server service supports file, print, and named-pipe sharing over the network. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC reques...

Microsoft Excel FORMAT记录无效数组索引漏洞（MS08-043）

BUGTRAQ ID: 30639 CVECAN ID: CVE-2008-3005 Excel是Microsoft Office办公软件套件中的电子表格工具。 Excel没有正确地处理电子表格中的FORMAT记录，如果电子表格中包含有越界数组索引的话，则打开该文件就会导致Excel向栈内存的任意位置写入一个字节，成功利用这个漏洞允许以当前登录用户的权限执行任意指令。 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac...

iDefense Security Advisory 08.12.08: Microsoft Excel FORMAT Record Invalid Array Index Vulnerability

iDefense Security Advisory 08.12.08 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 12, 2008 I. BACKGROUND Microsoft Excel is the spreadsheet application that is included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website...

Design/Logic Flaw

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers ...

CVE-2007-0061

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers ...

Information disclosure

Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service stack memory consumption and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might...

CVE-2007-4194

Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service stack memory consumption and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might...

CVE-2007-4194

CVE-2007-4194 concerns Guidance Software EnCase 5.0 and describes user‑assisted remote denial of service via a malformed file, related to EnCase’s file system parsing. The core weakness centers on how EnCase parses certain inputs, potentially causing stack memory consumption and unspecified impac...

DNS RPC analysis-vulnerability warning-the black bar safety net

Author: cloud Shu Date: 2007-04-27 http://www.ph4nt0m.org According to the security Bulletin for the vulnerability description, vulnerability occurs in the dns. exe program in the DnssrvQuery Function, This function is an RPC function, allows clients to make remote calls. First with IDA on dns. e...

security flaw

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the keylength variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...