Unfixed XSS vulnerability at www.cafewebmaster.com

Security researcher trueliarx, has submitted on 18/04/2010 a cross-site-scripting XSS vulnerability affecting www.cafewebmaster.com, which at the time of submission ranked 183800 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is...

Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability

Description Microsoft Windows is prone to a remote buffer-overflow vulnerability when handling specially crafted Audio Video Interleave AVI files. Specifically, this issue arises in the Microsoft MPEG Layer-3 codecs. An attacker can exploit this issue by enticing an unsuspecting user to open a...

Heap overflow

vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary...

CVE-2009-1565

vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary...

Heap overflow

Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote...

CVE-2009-1565

vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary...

CVE-2009-1564

CVE-2009-1564 involves a heap-based buffer overflow in the VMnc movie decoder (vmnc.dll) used by VMware Workstation, VMware Player and related components. The vulnerability allows remote attackers to execute arbitrary code by supplying a crafted AVI file with HexTile-encoded video chunks; affecte...

CVE-2009-1565

VMware VMnc VMnc codec/VMware Movie Decoder (Windows) is affected by CVE-2009-1565. The issue arises from heap-based buffer overflows triggered by crafted HexTile-encoded video chunks in AVI files, enabling remote code execution. Affected products include VMware Movie Decoder before 6.5.4 Build 2...

VUPEN Security Research - VMware Products Movie Decoder Heap Overflow Vulnerability

VUPEN Security Research - VMware Products Movie Decoder Heap Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "VMware is a provider of virtualization software which runs on Microsoft Windows, Linux, and Mac OS X. VMware's enterprise software,...

VMware VMnc编解码器HexTile编码视频块解析堆溢出漏洞

BUGTRAQ ID: 39363 CVE ID: CVE-2009-1564 VMWare是一款虚拟PC软件，允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMWare媒体解码器包含有用于播放VMware Workstation、VMware Player和VMware ACE所记录电影的VMnc媒体编解码器。vmnc.dll库在处理HexTile编码的视频块时缺少输入检查，用户受骗打开了畸形的AVI文件就可以触发堆溢出，导致执行任意代码。 VMWare Workstation 6.5.x VMWare Player 2.5.x VMWare Server...

Debian DSA-2025-1 : icedove - several vulnerabilities

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does...

DSA-2025-1 icedove - several vulnerabilities

Bulletin has no description...

eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (2)

eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows 2 Exploit Title : eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Stack BOF Type of sploit: Remote Code Execution Bug found by : loneferret march 19, 2010 Reference :...

eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Stack BOF

Exploit for windows platform in category remote exploits ========================================================================= eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Stack BOF ========================================================================= Exploit Title :...

Mozilla Firefox 3.6 WOFF解码器整数溢出漏洞

BUGTRAQ ID: 38298 CVE ID: CVE-2010-1028 Firefox是一款流行的开源WEB浏览器。 Firefox中所使用的Web开放字体格式（WOFF）解码器在解析字体文件中所指定的表格大小时存在最终可导致堆溢出的整数溢出漏洞。如果用户所访问网页中所嵌入的WOFF字体包含有超长的origLen字段的话，就可以触发这个溢出，导致执行任意代码。 Mozilla Firefox 3.6 临时解决方法： 禁止下载远程字体，在浏览器的地址栏中输入about:config并将以下值设置为false： gfx.downloadablefonts.enabled 厂商补丁：...

Mozilla Fast-Tracks Fix For Critical Firefox Flaw

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser. The patch, which was originally slated for release on March 30, fixes a vulnerability that could allow remote code execution attacks. The flaw was originally released into the VulnDisco exploit...

Mozilla WOFF decoder integer overflow

Overview An integer overflow in the Mozilla Web Open Fonts Format WOFF decoder may allow a remote attacker to execute code on an affected system. Description The Web Open Fonts Format WOFF is a simple compressed file format for fonts. Mozilla introduced support for WOFF in the 1.9.2 branch of the...

Firefox 3.6.x < 3.6.2 Multiple Vulnerabilities

The installed version of Firefox 3.6.x is earlier than 3.6.2. Such versions are potentially affected by multiple security issues : - The WOFF decoder contains an integer overflow in a font decompression routine. MFSA 2010-08 - Deleted image frames are reused when handling...

Ubuntu Update for thunderbird vulnerabilities USN-915-1

Ubuntu Update for Linux kernel vulnerabilities USN-915-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9151.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for thunderbird vulnerabilities USN-915-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Kenward zipper v1.4 0day Stack Buffer Overflow PoC exploit

Exploit for windows platform in category local exploits ========================================================== Kenward zipper v1.4 0day Stack Buffer Overflow PoC exploit ========================================================== !/usr/bin/python Exploit Title : Kenward zipper v1.4 0day Stack...