CVE-2010-2881

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a...

CVE-2010-2870

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service heap memory corruption or execute arbitrary code via a crafted movie...

Remote file inclusion

PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

Debian: Security Advisory (DSA-2077-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2010-3064

CVE-2010-3064: Stack-based buffer overflow in php_mysqlnd_auth_write (Mysqlnd extension) affects PHP 5.3–5.3.2. Context-dependent attackers could crash the process or possibly execute arbitrary code via a long username or database name passed to mysql_connect or mysqli_connect. Remediation: upgra...

CVE-2010-2810

Heap-based buffer overflow in the converttoidna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a malformed URL containing a % percent character in...

Ubuntu: Security Advisory (USN-973-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

JVN#91740962: Winny vulnerable to buffer overflow

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...

CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font file...

CVE-2010-2500

Integer overflow in the grayrenderspan function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font file...

CVE-2010-2805

The FTStreamEnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font file...

Buffer overflow

Buffer overflow in the MacReadPOSTResource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment...

Integer overflow

Integer overflow in the grayrenderspan function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font file...

CVE-2010-2801

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the...

VxWorks WDB Debug Service Detection

A VxWorks WDB Debug Agent is running on this host. Using this service, it is possible to read or write any memory zone or execute arbitrary code on the host. An attacker can use this flaw to take complete control of the affected device. C Tenable Network Security, Inc. include"compat.inc"; if...

CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...

CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...

CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...

CVE-2010-1786

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service application crash via a foreignObject elemen...

CVE-2010-1780

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to...