7638 matches found
Design/Logic Flaw
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route...
Out-of-bounds
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6...
Dnsmasq TFTP Service Remote Heap Buffer Overflow (CVE-2009-2957)
Dnsmasq is a lightweight DNS forwarder and DHCP server, designed to provide DNS and optionally DHCP services to a small-scale network. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines. It includes a secure, read-only, TFTP server to allow...
Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious presentation. The specific flaw exists in the handling of...
Apple QuickTime FlashPix File Buffer Overflow (CVE-2009-2798)
Apple's QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous audio/video formats. One of the image file formats supported by QuickTime is the FlashPix image format. A heap buffer overflow...
Microsoft Windows Embedded OpenType Font Heap Buffer Overflow (MS09-029; CVE-2009-0231)
Embedded OpenType (EOT) fonts are a compact form of OpenType fonts designed by Microsoft for use as embedded fonts on web pages. These files usually use the extension ".eot". The Embedded OpenType (EOT) Font Engine is a Microsoft Windows component that enables Windows applications, such as Microsoft...
Sun Java HsbParser.getSoundBank Stack Buffer Overflow (CVE-2009-3867)
Java Technology is a programming platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of programs that are deployed on personal computers as well as embedded devices and cell phones. Java is wide...
HP Power Manager Remote Code Execution (CVE-2009-2685)
A remote code execution vulnerability exists within HP Power Manager. The vulnerability is due to insufficient bounds checking in HP Power Manager while processing URL parameters in the login form of the web-based management server. Remote unauthenticated attackers can exploit this...
DEBIAN-CVE-2010-0290
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and Checking Disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query a...
BIND upstream fix for CVE-2009-4022 is incomplete
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and Checking Disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query a...
sudosh -- buffer overflow
ISS reports: sudosh2 and sudosh3 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the replay function. By persuading a victim to replay a specially-crafted recorded sudo session, a local attacker could overflow a buffer and execute arbitrary code on the syste...
linux/x86 if(read(fd buf 512)<=2) _exit(1) else buf()
No description provided by source. / h3ll-core.c by Charles Stevenson. I made this as a chunk you can paste in to make modular remote exploits. I use it as a first stage payload when I desire to follow up with a real large payload of goodness. This actually is a bit larger than...
Alt-N SecurityGateway username Buffer Overflow
$Id: altnsecuritygateway.rb 8010 2009-12-28 20:38:50Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Alt-N SecurityGateway username Buffer Overflow
Alt-N SecurityGateway is prone to a buffer overflow condition. This is due to insufficient bounds checking on the "username" parameter. Successful exploitation could result in code execution with SYSTEM level privileges. NOTE: This service doesn't restart, so you'll only get one shot. However, it...
Novell iPrint Client ActiveX Control Multiple Buffer Overflows (CVE-2008-2431)
Novell iPrint Client is an application that allows users to install and manage printers, or submit print jobs from a web browser. Novell iPrint Client is bundled with a set of ActiveX controls that implement various functions. There exist multiple buffer overflow vulnerabilities in Novell iPrint...
Sun Java Web Start JNLP vm args Stack Overflow (CVE-2008-3111)
The Sun Java Web Start is a component of the Java 2 Runtime Environment (JRE). It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a stack buffer...
gif2png 2.5.2 Buffer Overflow
DESCRIPTION: "The gif2png program converts files from the obsolescent Graphic Interchange Format to Portable Network Graphics. The conversion preserves all graphic information, including transparency, perfectly. The gif2png program can even recover data from corrupted GIFs." homepage:...
Mandriva Security Advisory MDVSA-2009:030-1 (amarok)
The remote host is missing an update to amarok announced via advisory MDVSA-2009:030-1. OpenVAS Vulnerability Test $Id: mdksa20090301.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:030-1 amarok Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-So...
Fedora Core 12 FEDORA-2009-13039 (kernel)
The remote host is missing an update to the kernel announced via advisory FEDORA-2009-13039. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright C b...
Fedora 12 : kernel-2.6.31.6-166.fc12 (2009-13039)
CVE-2009-4131: EXT4 - fix insufficient permission checking which could result in arbitrary data corruption by a local unprivileged user. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...