47 matches found
EUVD-2007-5795
Malware in sbrugna...
EUVD-2008-1771
Malware in sbrugna...
CVE-2012-5875
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...
SUSE CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via a stats method action to /xml-rpc with 1 an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or 2 a...
SUSE CVE-2007-5825
Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...
Firefly Media Server <= 0.2.4 - Remote Denial of Service Exploit
No description provided by source. !C:\python25\python25.exe Advisory : UPH-07-02 mt-dappd/Firefly media server remote DoS Discovered by nnp http://www.unprotectedhex.com import sys import socket import time if lensys.argv != 3: sys.exit-1 killmsg = GET /xml-rpc?method=stats HTTP/1.1\r\n...
firefly media server (mt-daapd) 2.4.1 / svn 1699 - Multiple Vulnerabilities
No description provided by source. Luigi Auriemma Application: Firefly Media Server mt-daapd http://www.fireflymediaserver.org Versions: = 2.4.1 and SVN = 1699 Platforms: nix, Windows, Mac and others Bugs: A partial directory traversal on Windows B authentication bypass on Windows C duplicated HT...
CVE-2012-5875
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...
CVE-2012-5875
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...
Null pointer dereference
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...
UBUNTU-CVE-2012-5875
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...
CVE-2012-5875
CVE-2012-5875 affects Firefly Media Server 1.0.0.1359. The issue is a NULL pointer dereference caused by improper handling of HTTP headers (Connection, Accept-Language, User-Agent, Host, protocol version, and HTTP protocol version), enabling remote denial of service. Exploitation details are desc...
CVE-2012-5875
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...
Firefly Media Server firefly.exe畸形HTTP请求远程拒绝服务漏洞
BUGTRAQ ID: 56999 CVECAN ID: CVE-2012-5875 Firefly Media Server是开源的音频媒体服务器。 Firefly Media Server 1.0.0.1359及其他版本存在多个空指针引用漏洞,恶意用户可利用这些漏洞造成远程服务器崩溃。 1)"firefly.exe"文件内的HTTP CONNECTION标头没有正确处理,通过发送特制的报文到9999/TCP端口,可导致空指针引用,造成受影响服务器立即崩溃。 崩溃细节: EIP: 0041e223 cmp byte ecx,0x20 EAX: 0175eee8 24506088 -...
FireFly Media Server Multiple Remote DoS Vulnerabilities
High-Tech Bridge Security Research Lab has discovered multiple remote denial of service DoS vulnerabilities in FireFly Media Server, which could be exploited by a malicious person to crash a remote server. 1 Multiple NULL pointer dereference vulnerabilities in FireFly Media Server: CVE-2012-5875...
Firefly媒体服务器畸形Content-Length字段堆溢出漏洞
BUGTRAQ ID: 28860 CVECAN ID: CVE-2008-1771 Firefly是Roku SoundBridge和iTunes所使用的开源媒体服务器。 Firefly的src/webserver.c文件的wsgetpostvars函数中存在堆溢出漏洞,如果远程攻击者向服务区发送了带有负数Content-Length值的POST请求的话就可以触发这个溢出,导致拒绝服务或执行任意指令。 以下是src/webserver.c文件中的漏洞代码: 707 int wsgetpostvarsWSCONNINFO pwsc 708 char contentlength; 709...
Firefly Media Server ws_getpostvars Function Content-Length Header HTTP Request Handling Overflow
The remote host is running Firefly Media Server, also known as mt-daapd, a media streaming server. The version of Firefly Media Server installed on the remote host apparently fails to sanitize user-supplied Content-Length field before using it to the call to 'malloclen+1' in 'src/webserver.c'...
Integer overflow
Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...
CVE-2008-1771
Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...
CVE-2008-1771
Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...