Lucene search

5353 matches found

Cvelist
added 2008/06/10 6:0 p.m., 15 views

CVE-2008-1584

Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file...

7.7 AI score, 0.17741 EPSS
Exploits: 1, References: 11
Prion
added 2008/06/10 12:32 a.m., 13 views

Design/Logic Flaw

The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "frontpage" sequence, and ends with a...

7.8 CVSS, 8.7 AI score, 0.05067 EPSS
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2008/06/10 12:32 a.m., 15 views

CVE-2008-1673

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of servi...

10 CVSS, 6.9 AI score, 0.18359 EPSS
Exploits: 2, References: 34
NVD
added 2008/06/10 12:32 a.m., 14 views

CVE-2008-2636

The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "frontpage" sequence, and ends with a...

7.8 CVSS, 8.1 AI score, 0.05067 EPSS
Exploits: 0, References: 6
Cvelist
added 2008/06/10 12:0 a.m., 20 views

CVE-2008-1673

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of servi...

6.8 AI score, 0.18359 EPSS
Exploits: 2, References: 34
Cvelist
added 2008/06/06 6:0 p.m., 14 views

CVE-2008-2573

Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command...

7.7 AI score, 0.16002 EPSS
Exploits: 1, References: 7
NVD
added 2008/06/04 8:32 p.m., 9 views

CVE-2008-1108

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment...

7.6 CVSS, 7.6 AI score, 0.04236 EPSS
Exploits: 0, References: 24
Prion
added 2008/06/04 8:32 p.m., 15 views

Buffer overflow

Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and...

10 CVSS, 7.8 AI score, 0.33633 EPSS
Exploits: 1, References: 9, Affected Software: 1
NVD
added 2008/06/02 9:30 p.m., 13 views

CVE-2008-2426

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM...

9.3 CVSS, 7.8 AI score, 0.07262 EPSS
Exploits: 1, References: 19
Prion
added 2008/06/02 9:30 p.m., 17 views

Design/Logic Flaw

Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit...

9.3 CVSS, 7.9 AI score, 0.05318 EPSS
Exploits: 1, References: 8, Affected Software: 2
UbuntuCve
added 2008/06/02 9:30 p.m., 22 views

CVE-2008-2426

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM...

9.3 CVSS, 6.5 AI score, 0.07262 EPSS
Exploits: 1, References: 2
Debian CVE
added 2008/06/02 2:0 p.m., 17 views

CVE-2008-2363

The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow...

9.3 CVSS, 7.3 AI score, 0.0587 EPSS
Exploits: 1
Cvelist
added 2008/06/02 2:0 p.m., 14 views

CVE-2008-2426

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM...

8 AI score, 0.07262 EPSS
Exploits: 1, References: 19
OpenVAS
added 2008/05/27 12:0 a.m., 12 views

Debian: Security Advisory (DSA-1583-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

10 CVSS, 6.6 AI score, 0.38626 EPSS
Exploits: 2, References: 3
exploitpack
added 2008/05/26 12:0 a.m., 7 views

ClassSystem 2.02.3 - HomepageTop.php?teacher_id SQL Injection

ClassSystem 2.02.3 - HomepageTop.php?teacher_id SQL Injection source: https://www.securityfocus.com/bid/29372/info ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection...

0.4 AI score
Exploits: 0
exploitpack
added 2008/05/26 12:0 a.m., 8 views

ClassSystem 2.02.3 - HomepageMain.php?teacher_id SQL Injection

ClassSystem 2.02.3 - HomepageMain.php?teacher_id SQL Injection source: https://www.securityfocus.com/bid/29372/info ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection...

0.4 AI score
Exploits: 0
NVD
added 2008/05/23 3:32 p.m., 17 views

CVE-2008-2419

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in...

4.3 CVSS, 8.2 AI score, 0.11677 EPSS
Exploits: 1, References: 3
Debian CVE
added 2008/05/23 2:0 p.m., 21 views

CVE-2008-1767

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps...

7.5 CVSS, 7.5 AI score, 0.2079 EPSS
Exploits: 2
Prion
added 2008/05/21 1:24 p.m., 11 views

Stack overflow

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in...

6.8 CVSS, 8.2 AI score, 0.07562 EPSS
Exploits: 1, References: 21, Affected Software: 1
OSV
added 2008/05/20 12:0 a.m., 14 views

DSA-1583-1 gnome-peercast - several vulnerabilities

Bulletin has no description...

10 CVSS, 6 AI score, 0.38626 EPSS
Exploits: 2