156 matches found
Cross site request forgery (csrf)
The Urlinit function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service NULL dereference and daemon crash via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request...
Input validation
Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual...
Buffer overflow
Multiple buffer overflows in the RTSPvalidresponsemsg function in RTSPstatemachine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via 1 a long first line of a response, as demonstrated by a long VER line; or 2 a long second line of a response, as demonstrated...
CVE-2007-6626
Multiple buffer overflows in the RTSPvalidresponsemsg function in RTSPstatemachine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via 1 a long first line of a response, as demonstrated by a long VER line; or 2 a long second line of a response, as demonstrated...
CVE-2007-6629
The CVE-2007-6629 entry concerns LScube Feng 0.1.15 and earlier, where an interpretation conflict in a User-Agent line containing a carriage-return character can trigger a NULL dereference and daemon crash, causing a denial of service. The issue arises because the line-delimiter handling differs ...
CVE-2007-6626
CVE-2007-6626 describes multiple buffer overflows in the RTSP_valid_response_msg function of RTSP_state_machine.c in LScube Feng 0.1.15 and earlier, enabling remote attackers to execute arbitrary code via (1) an excessively long first line of a response (VER line) or (2) an excessively long secon...
CVE-2007-6628
CVE-2007-6628 affects LScube Feng 0.1.15 and earlier. The issue allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via two malformed headers: (1) Transport header triggering misparsing in RTSP_setup.c’s parse_transport_header (example: a header containing onl...
CVE-2007-6628
LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via 1 a malformed Transport header, which triggers misparsing in parsetransportheader in RTSPsetup.c, as demonstrated by a Transport header that contains only a...
CVE-2007-6626
Multiple buffer overflows in the RTSPvalidresponsemsg function in RTSPstatemachine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via 1 a long first line of a response, as demonstrated by a long VER line; or 2 a long second line of a response, as demonstrated...
CVE-2007-6629
Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual...
Multiple vulnerabilities in Feng 0.1.15
Luigi Auriemma Application: Feng http://live.polito.it/documentation/feng Versions: = 0.1.15 Platforms: nix Bugs: A first buffer-overflow in RTSPvalidresponsemsg B second buffer-overflow in RTSPvalidresponsemsg C crash in RTSPremovemsg D NULL pointer in parsetransportheader E NULL pointer in...
Feng RTSP streaming server multiple security vulnerabilities
Multiple buffer overflows and DoS conditions...
Feng 0.1.15 - Multiple Remote Buffer Overflow Denial of Service Vulnerabilities
Feng 0.1.15 - Multiple Remote Buffer Overflow Denial of Service Vulnerabilities source: https://www.securityfocus.com/bid/27049/info Feng is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities. Successfully exploiting these issues allows remote attackers to execute...
Feng 0.1.15 - Multiple Remote Buffer Overflow / Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/27049/info Feng is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the server application. Attackers may also crash th...
Microsoft Windows - Animated Cursor .ani Universal Generator
Microsoft Windows - Animated Cursor .ani Universal Generator -------------------------------------------------------------------------------- Info: .ANI RIFF Cursors 2007 universal exploit generator Tested on MS Internet Explorer 6.x-7.x, Windows XP SP2, Windows Vista Author: Yag Kohha 10xnGr33tz...
gedit -- format string vulnerability
Yan Feng reports a format string vulnerability in gedit. This vulnerability could cause a denial of service with a binary file that contains format string characters within the filename. It had been reported that web browsers and email clients can be configured to provide a filename as an argumen...