LISTSERV contains multiple buffer overflow vulnerabilities in the WA CGI script

Overview Several buffer overflow vulnerabilities have been discovered in LISTSERV. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description L-Soft's LISTSERV is an email list management software package. It includes a Web Archive and...

CVE-2006-1010

Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service segmentation fault and possibly execute code by sending the server a large request...

BlackBerry Enterprise Server Attachment Handling Buffer Overflows

The version of BlackBerry Enterprise Server on the remote host reportedly contains flaws in its handling of Word and TIFF document attachments that may result in buffer overflows when a user opens a malformed file on a BlackBerry device. A remote attacker may be able to exploit this issue to...

Path traversal

Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the 1 quizhead, 2 quizfoot, and 3 template variables...

CVE-2006-0795

CVE-2006-0795 affects Quirex convert.cgi (versions 2.0.2 and earlier). The vulnerability is an absolute path traversal via the quiz_head, quiz_foot, and template variables, allowing remote attackers to read arbitrary files and, per sources, possibly execute code. Exploit is reported as available,...

CVE-2006-0782

Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of 1 the reply parameter, possibly involving injection of 2 the name parameter and...

CVE-2006-0597

Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service application crash and possibly execute code via long "revision attributes"...

CVE-2006-0597

Removed by vendor...

Tftpd32 Error Message Format String

The remote host appears to be running Tftpd32, a tftpd server for Windows. There is a format string vulnerability in versions of Tftpd32 up to and including 2.81 that may allow remote attackers to crash the server or to execute code on the affected host subject to the privileges under which the...

Integer overflow

An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service crash and possibly execute code via a crafted WMF file with a manipulated WMF...

CVE-2005-3240

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and...

HTTP Version Number Overflow DoS Vulnerability

It was possible to kill the web server by sending an invalid GET request with a too long HTTP version field. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

OpenVMPS Logging Function Format String

The remote host appears to be running OpenVMPS, an open source VLAN Management Policy Server VMPS. There is a format string vulnerability in versions of OpenVMPS up to and including 1.3 that may allow remote attackers to crash the server or execute code on the affected host subject to the...

CVE-2005-3254

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian...

[SECURITY] [DSA 855-1] New weex packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 855-1 [email protected] http://www.debian.org/security/ Martin Schulze October 10th, 2005 http://www.debian.org/security/faq -...

Debian DSA-826-1 : helix-player - multiple vulnerabilities

Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources. - CAN-2005-1766 Buffer overflow in the RealText parser could allow remote code execution via a...

CVE-2005-2964

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism...

CVE-2005-2935

Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940...

Microsoft Windows - keybd_event Local Privilege Escalation

Microsoft Windows - keybdevent Local Privilege Escalation / Microsoft Windows keybdevent validation vulnerability. Local privilege elevation Credits: Andres Tarasco aT4r @ haxorcitos.com Iñaki Lopez ilo @ reversing.org Platforms afected/tested: - Windows 2000 - Windows XP - Windows 2003 Original...

CVE-2002-1997

CVE-2002-1997 : ZoneAlarm Pro 3.0 MailSafe is described as allowing remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension. The provided sources confirm this description but do not offer concrete technical ...