CVE-2008-1611

CVE-2008-1611 describes a stack-based buffer overflow in TFTP Server SP 1.4 for Windows. A long filename in a read or write request can cause denial of service or remote code execution. Connected documents provide concrete exploit details: a Metasploit module for TFTP Server 1.4 (WRQ buffer overf...

CVE-2008-1609

Multiple PHP remote file inclusion vulnerabilities in just another flat file JAF CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 website parameter to a forum.php, b headlines.php, and c main.php in forum/, and 2 maindir parameter to forum/forum.php. NOTE: other...

Integer overflow

The silcpkcs1decode function in the silccrypt library silcpkcs1.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS1 message, which triggers an integer...

CVE-2008-0924

Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service daemon crash or CPU consumption or execute arbitrary code via a long delRequest...

Format string

Format string vulnerability in the Net Inspector HTTP server mghttpd in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file...

CVE-2008-0947

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 krb5 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors...

CVE-2008-0989

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname...

CVE-2008-0989

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname...

CVE-2008-0057

Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list...

Integer overflow

Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data...

Buffer overflow

Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server IDS 7.x through 11.x allow 1 remote attackers to execute arbitrary code via a long password and 2 remote authenticated users to execute arbitrary code via a long DBPATH value...

Design/Logic Flaw

The NEEDBITS macro in the inflatedynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data...

CVE-2008-0888

The NEEDBITS macro in the inflatedynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data...

CVE-2008-0888

The NEEDBITS macro in the inflatedynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data...

CVE-2008-1357

CVE-2008-1357 affects McAfee CMA 3.6.0.574 (Patch 3) and earlier, used with ePolicy Orchestrator 4.0.0 build 1015. The vulnerability is in the logDetail function of applib.dll and stems from a format string issue in the UDP AgentWakeup handling (port 8082) that can leak into the format string spe...

Buffer overflow

Buffer overflow in the Matroska demuxer demuxers/demuxmatroska.c in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Matroska file with invalid frame sizes...

CVE-2008-1161

Buffer overflow in the Matroska demuxer demuxers/demuxmatroska.c in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Matroska file with invalid frame sizes...

CVE-2008-1161

Buffer overflow in the Matroska demuxer demuxers/demuxmatroska.c in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Matroska file with invalid frame sizes...

CVE-2008-1227

Stack-based buffer overflow in the silcfingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing SILC Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via long input data. NOTE...

CVE-2008-1217

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706...