[GOODFELLAS-VULN] FileFind class from MFC Library cause heap overflow

:. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: FileFind class from MFC Library cause heap overflow. =================================================== Internal ID: VULWKU200706142 introduction ------------ The GOODFELLAS security research team has found a bug in...

Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Server Protect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine TMregChange exported by TMReg.dll which is reachable through th...

USN-510-1: Linux kernel vulnerabilities

A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. CVE-2007-2525 An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel...

Fedora Core 6 : rpm-4.4.2.1-1.fc6 (2007-668)

Summary of changes : - update to 4.4.2.1 fixing 247749 and countless others - avoid unnecessary .rpmsave / .rpmnew files 29470, 128622 - stricter docdir checking 246819 - allow checking for pending signals from python 181434 - add hook to python for cleaning up on unclean exit 245389 - resurrect...

CVE-2007-3679

The Citrix EPA ActiveX control aka the "endpoint checking control" or CCAOControl Object before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client syste...

asteridex-exec.txt

Hoku Security Vulnerability Advisory Title: AsteriDex remote command execution Vendor URL: http://bestof.nerdvittles.com/applications/asteridex/ Type: Command injection / remote code execution Vulnerable versions: = 3.0 Risk factor: High Popularity: Low Author: Carl Livitt Contact: [email protected]...

AsteriDex (Asterisk / Trixbox) remote code execution

Hoku Security Vulnerability Advisory Title: AsteriDex remote command execution Vendor URL: http://bestof.nerdvittles.com/applications/asteridex/ Type: Command injection / remote code execution Vulnerable versions: = 3.0 Risk factor: High Popularity: Low Author: Carl Livitt Contact: [email protected]...

SAP DB 7.x Web Server - 'WAHTTP.exe' Multiple Buffer Overflow Vulnerabilities

// source: https://www.securityfocus.com/bid/24773/info SAP DB Web Server is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. Successfully exploiting these issues will allow an...

PC SOFT WinDEV 11 - .WDP File Parsing Stack Buffer Overflow

PC SOFT WinDEV 11 - .WDP File Parsing Stack Buffer Overflow source: https://www.securityfocus.com/bid/24693/info PC SOFT WinDEV is prone to a stack-based buffer-overflow vulnerability when it attempts to process malformed project files. This issue occurs because the application fails to perform...

Juniper SBR V 6.0.1 CRL-Checking problem

We tried to setup crl-checking on den sbr v 6.0.1 Steel Belted RADIUS. The URL socket is located on the RSA Authenticationsever V 6.7. Radius authentication via EAP TLS should not work because the SBR got a "CRL Fetch: HTTP socket connect failure from one of...

[CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities

Title: CAID 35395, 35396: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities CA Vuln ID CAID: 35395, 35396 CA Advisory Date: 2007-06-05 Reported By: ZDI Impact: Remote attackers can cause a denial of service or potentially execute arbitrary code. Summary: CA Anti-Virus engine contains...

GDB 6.6 - Process_Coff_Symbol UPX File Buffer Overflow

GDB 6.6 - ProcessCoffSymbol UPX File Buffer Overflow source: https://www.securityfocus.com/bid/24291/info GDB is prone to a buffer-overflow vulnerability because it fails to properly check bounds when handling specially crafted executable files. Attackers could leverage this issue to run arbitrar...

NOD32 antivirus buffer overflow

Buffer overflow on file checking with oversized path...

Darwin Streaming Server < 5.5.5 Multiple RCE Vulnerabilities

According to its banner, the version of Apple Darwin Streaming Server running on the remote host is prior to version 5.5.5. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the Apple Darwin Streaming Proxy that allows an unauthenticated, remote...

Cisco Security Advisory: Multiple Vulnerabilities in the IOS FTP Server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in the IOS FTP Server Advisory ID: cisco-sa-20070509-iosftp http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml Revision 1.0 For Public Release 2007 May 09 1600 UTC GMT -...

Debian DSA-1284-1 : qemu - several vulnerabilities

Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1320 Tavis Ormandy discovered that a memory manageme...

DSA-1284-1 qemu

Bulletin has no description...

Code injection

Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd...

CVE-2007-2251

Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd...

CVE-2007-2251

CVE-2007-2251 : In Xaraya, the Roles module (versions