mt-daapd -- integer overflow

FrSIRT reports: A vulnerability has been identified in mt-daapd which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the wsgetpostvars function when processing a negative Content-Length: head...

CVE-2008-1878

Stack-based buffer overflow in the demuxnsfsendchunk function in src/demuxers/demuxnsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long NSF title...

CVE-2007-5745

Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Quattro Pro QPRO file with crafted 1 Attribute and 2 Font Description records...

CVE-2007-5745

Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Quattro Pro QPRO file with crafted 1 Attribute and 2 Font Description records...

CVE-2008-1842

Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager OV NNM 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service daemon crash or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a...

CVE-2008-1771

CVE-2008-1771 describes an integer overflow in ws_getpostvars in mt-daapd (Firefly Media Server) v0.2.4.1 and related builds, triggered by a large HTTP POST Content-Length. This can cause a heap buffer overflow with potential remote code execution, alongside denial of service. Connected advisorie...

CVE-2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory...

CVE-2008-1100

Buffer overflow in the cliscanpe function in libclamav libclamav/pe.c for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file...

Format string

Format string vulnerability in the grant helper polkit-grant-helper.c in PolicyKit 0.7 and earlier allows attackers to cause a denial of service crash and possibly execute arbitrary code via format strings in a password...

CVE-2008-1658

Format string vulnerability in the grant helper polkit-grant-helper.c in PolicyKit 0.7 and earlier allows attackers to cause a denial of service crash and possibly execute arbitrary code via format strings in a password...

Buffer overflow

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute xattr support enabled, might allow remote attackers to execute arbitrary code via unknown vectors...

Buffer overflow

Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy formerly Verity KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with 1 a long ENCODING...

Buffer overflow

Buffer overflow in mimesr.dll in Autonomy formerly Verity KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail MIME attachment...

CVE-2008-1718

Buffer overflow in mimesr.dll in Autonomy formerly Verity KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail MIME attachment...

WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service

WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service source: https://www.securityfocus.com/bid/28721/info WinWebMail is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input. Remote attackers can exploit this issue to crash...

CVE-2008-1085

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler...

CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...

Buffer overflow

Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."...

Stack overflow

Stack-based buffer overflow in the PGMWebHandler::parserequest function in the StarTeam Multicast Service component STMulticastService 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request...

Integer overflow

Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888...