CVE-2008-5660

Format string vulnerability in the vinagreutilsshowerror function src/vinagre-utils.c in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response...

CVE-2008-5660

Format string vulnerability in the vinagreutilsshowerror function src/vinagre-utils.c in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response...

Memory corruption

The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service memory corruption and application crash or execute arbitrary code via a crafted date string, related to improper memory allocation...

CVE-2008-4221

The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service memory corruption and application crash or execute arbitrary code via a crafted date string, related to improper memory allocation...

CVE-2008-4844

Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving 1 an XML Island, 2 XML DSOs, or 3 Tabular Data Control TDC in a craft...

CVE-2008-5415

CA ARCserve Backup on Windows (LDBserver) across versions 11.1, 11.5, and 12.0 is affected. The vulnerability stems from insufficient verification of handle_t arguments passed to an RPC endpoint, where the handle refers to an incompatible procedure, enabling remote code execution or service crash...

Memory corruption

Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains...

CVE-2008-3465

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter,...

CVE-2008-5235

Heap-based buffer overflow in the demuxrealsendchunk function in src/demuxers/demuxreal.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information...

CVE-2008-5240

xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for 1 the MATROSKAIDTRCODECPRIVATE track entry element processed by demuxmatroska.c; and 2 PROPTAG, 3 MDPRTAG, and 4 CONTTAG chunks processed...

Integer overflow

Integer overflow in the realparsemdpr function in demuxreal.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted streamnamesize field...

CVE-2008-5246

Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the 1 id3v22interpframe and 2 id3v24interpframe functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are...

CVE-2008-5238

Integer overflow in the realparsemdpr function in demuxreal.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted streamnamesize field...

CVE-2008-5233

CVE-2008-5233 affects xine-lib 1.1.12 and earlier; the vulnerability stems from missing malloc failure checks in demux_mng.c (mymng_process_header), demux_mod.c (open_mod_file), and demux_real.c (frame_buffer) which can allow a remote attacker to crash the player or possibly execute arbitrary cod...

CVE-2008-4226

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a large XML document...

CVE-2008-4226

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a large XML document...

CVE-2008-5187

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability...

CVE-2007-0073

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC...

CVE-2008-4824

Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."...

CVE-2008-5106

Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console...