
5352 matches found

Prion
added 2008/03/08 12:44 a.m. | 8 views

Format string

Format string vulnerability in the logmessage function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command...

CVSS 6.8 | AI score 8.3 | EPSS 0.05508
Exploits: 1 | References: 6 | Affected Software: 1
UbuntuCve
added 2008/03/06 12:44 a.m. | 19 views

CVE-2008-0072

Format string vulnerability in the emfmultipartencrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field...

CVSS 6.8 | AI score 6.1 | EPSS 0.16096
Exploits: 0 | References: 2
Prion
added 2008/03/05 11:44 p.m. | 10 views

Stack overflow

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...

CVSS 10 | AI score 8.1 | EPSS 0.13048
Exploits: 0 | References: 13 | Affected Software: 1
Prion
added 2008/03/05 8:44 p.m. | 17 views

Heap overflow

The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly...

CVSS 6.8 | AI score 8 | EPSS 0.10772
Exploits: 2 | References: 16 | Affected Software: 2
Cvelist
added 2008/03/05 8:0 p.m. | 21 views

CVE-2008-1096

The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly...

AI score 7.9 | EPSS 0.10772
Exploits: 2 | References: 16
CVE
added 2008/03/05 8:0 p.m. | 77 views

CVE-2008-1096

The CVE-2008-1096 issue affects ImageMagick (load_tile in the XCF coder) and GraphicsMagick, where a crafted .xcf file can trigger an out-of-bounds heap write, potentially causing a crash or remote code execution. Root cause: a faulty XCF decoding path (load_tile) with a heap write beyond bounds,...

CVSS 6.8 | AI score 7.9 | EPSS 0.10772
Exploits: 2 | References: 16 | Affected Software: 2
Cvelist
added 2008/03/03 11:0 p.m. | 11 views

CVE-2008-1128

PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

AI score 7.5 | EPSS 0.01002
Exploits: 1 | References: 3
Check Point Advisories
added 2008/03/02 12:0 a.m. | 3 views

IPS-1 Protection Updates for yardradius and Cisco IOS Vulnerabilities and IPS-1 Protocol and Protocol Subsystems Updates

A vulnerability in yardradius could allow a remote attacker to execute arbitrary code via a buffer overflow. A vulnerability in Cisco IOS 12.2T through 12.4 could allow remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication via a long username...

CVSS 10 | AI score 7.6 | EPSS 0.05476
Exploits: 0
NVD
added 2008/02/27 7:44 p.m. | 6 views

CVE-2008-1054

Stack-based buffer overflow in the libspawnusergetpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long heade...

CVSS 6.4 | AI score 8.3 | EPSS 0.19335
Exploits: 1 | References: 8
Cvelist
added 2008/02/21 12:0 a.m. | 13 views

CVE-2008-0858

Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors...

AI score 8 | EPSS 0.03308
Exploits: 0 | References: 5
Prion
added 2008/02/19 12:0 a.m. | 10 views

Remote file inclusion

PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter...

CVSS 6.8 | AI score 8 | EPSS 0.03564
Exploits: 1 | References: 3
Prion
added 2008/02/14 12:0 p.m. | 15 views

Stack overflow

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5)...

CVSS 7.5 | AI score 8.3 | EPSS 0.19207
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2008/02/13 12:0 a.m. | 17 views

CVE-2007-3676

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory...

CVSS 10 | AI score 7.6 | EPSS 0.04078
Exploits: 1 | References: 2
NVD
added 2008/02/12 11:0 p.m. | 18 views

CVE-2008-0077

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption...

CVSS 9.3 | AI score 8.9 | EPSS 0.62265
Exploits: 1 | References: 12
Cvelist
added 2008/02/12 10:0 p.m. | 19 views

CVE-2008-0078

Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."...

AI score 8.7 | EPSS 0.51546
Exploits: 1 | References: 8
Prion
added 2008/02/12 8:0 p.m. | 20 views

Integer overflow

Integer overflow in the cliscanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow...

CVSS 10 | AI score 8.2 | EPSS 0.15622
Exploits: 0 | References: 26 | Affected Software: 1
NVD
added 2008/02/12 7:0 p.m. | 26 views

CVE-2007-5666

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655...

CVSS 6.2 | AI score 6.8 | EPSS 0.00246
Exploits: 1 | References: 12
Symantec
added 2008/02/12 12:0 a.m. | 18 views

Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability

Description: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying...

AI score 8.1
Exploits: 0 | References: 1 | Affected Software: 4
Cvelist
added 2008/02/08 1:0 a.m. | 27 views

CVE-2008-0554

Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484...

AI score 7.8 | EPSS 0.02205
Exploits: 0 | References: 13
Cvelist
added 2008/02/07 8:0 p.m. | 14 views

CVE-2008-0648

Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7)...

AI score 7.5 | EPSS 0.045
Exploits: 1 | References: 2