1203 matches found
gd: GIF handling buffer overflow
Buffer overflow in the LWZReadByte function in ext/gd/libgd/gdgifin.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with inputcodesize greater than MAXLWZBITS, which triggers an overflow when initializing the table array...
Ubuntu 4.10 / 5.04 : tiff vulnerability (USN-130-1)
Tavis Ormandy discovered a buffer overflow in the TIFF library. A malicious image with an invalid 'bits per sample' number could be constructed which, when decoded, would have resulted in execution of arbitrary code with the privileges of the process using the library. Since this library is used ...
Crack the Bible of the---inside article-vulnerability warning-the black bar safety net
Crack the Bible of the---inside articleback 5 0 passmaster Mo 1classic comparison of the portfolio,often for the registration code appearsby programhunter 1 mov eax here can be a address, it can be the other register mov edx, Ibid. usually these two addresses are stored important information call...
CVE-2004-2611
The Change Permissions function in the Sophster suite before 0.9.6 (28 May 2004), aka 0.9.6-r5, possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other...
CVE-2005-1472
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories...
libtiff TIFF graphics library buffer overflow
Buffer overflow on invalid bits per sample value...
CVE-2004-2641
Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP packets with Type of Service (TOS) bits set...
Orbz Game 2.10 - Remote Buffer Overflow (PoC)
Orbz Game 2.10 - Remote Buffer Overflow PoC / by Luigi Auriemma / include include include include / Read/Write bits to buffer 0.1.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org max 32 bits numbers supported from 0 to 4294967295. Probably not the fastest bit...
Orbz Game 2.10 - Remote Buffer Overflow (PoC)
/ by Luigi Auriemma / include include include include / Read/Write bits to buffer 0.1.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org max 32 bits numbers supported from 0 to 4294967295. Probably not the fastest bit packing functions existent, but I like them. /...
Debian DSA-173-1 : bugzilla - privilege escalation
The developers of Bugzilla, a web-based bug tracking system, discovered a problem in the handling of more than 47 groups. When a new product is added to an installation with 47 groups or more and 'usebuggroups' is enabled, the new group will be assigned a groupset bit using Perl math that is not...
Mandrake Linux Security Advisory : cdrecord (MDKSA-2003:058-1)
A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manuall...
HP-UX 11.0 /usr/bin/kermit
Hi! There are many buffer overflows in kermit on HP-UX 11.0. I am sure it is vulnerable in other HP-UX versions, too, since "C-Kermit 6.0.192, 6 Sep 96, for HP-UX 10.00" is installed in HP-UX 11.0 by default. /usr/bin/kermit is setuid to bin and setgrp to daemon, so upon successful exploitation,...
snort protection bypass
Packets with SYN, FIN, ECN bits set are not detected...
CVE-2002-2334
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users...
CVE-1999-1085
SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum...
CVE-2001-1241
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "!" and the desired program name...
CVE-1999-0350
The vulnerability CVE-1999-0350 affects ClearCase’s db_loader, where a race condition can allow local users to obtain root privileges by setting SUID bits. The Red Hat and CVE records confirm the issue and describe the root cause as a race in the db_loader program; exploitation details or specifi...
CVE-1999-0350
Race condition in the dbloader program in ClearCase gives local users root access by setting SUID bits...
suse6.2pbpg.txt
Brock Tellier [email protected] Sent: Thursday, September 16, 1999 5:06 PM Subject: Two SuSE 6.2 local root exploits Greetings, /usr/bin/pb and /usr/bin/pg, suid root by default on SuSE 6.2, allow any user to read any file on the system as shown: susebox:/root ls -la /usr/bin/pb uname -rwsr-xr-...