330 matches found
CVE-2008-1686
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...
libxine -- array index vulnerability
xine Team reports: A new xine-lib version is now available. This release contains a security fix for an unchecked array index that could allow remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer...
VulnCheck KEV: CVE-2006-5820
The LinkSBIcons method in the SuperBuddy ActiveX control Sb.SuperBuddy.1 in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value...
Buffer overflow principle analysis and protection-vulnerability warning-the black bar safety net
【Abstract】 Starting from the defects and lack of robustness of the programming language itself, this article analyzes in detail the basic principles of buffer overflow attacks, describes the general process by which hackers exploit buffer vulnerabilities to attack systems, and finally briefly discusses several...
openSUSE 10 Security Update : gpg2 (gpg2-2352)
Specially crafted files could overflow a buffer when gpg2 was used in interactive mode CVE-2006-6169. - Specially crafted files could modify a function pointer and execute code this way CVE-2006-6235.
EnterpriseDB code execution
Uninitialized function pointer call if any debugging function is called before pldbg_create_listener...
CVE-2007-4463
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2)...
Buffer overflow
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2)...
EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference
Microsoft Publisher 2007 Arbitrary Pointer Dereference Release Date: July 10, 2007 Date Reported: February 16, 2007 Severity: High Remote Code Execution Vendor: Microsoft Vendor Software Affected: Microsoft Office 2007 Small Business Microsoft Office 2007 Professional Microsoft Office 2007 Ultima...
MagicISO <= 5.4(build239) .cue File Heap Overflow PoC
Exploit for linux platform in category dos / poc. MagicISO <= 5.4(build239) .cue File Heap Overflow PoC. #!/usr/bin/env ruby Credits to n00b for finding this bug. Magic iso has a stack-based...
MagicISO 5.4 (build239) - .cue Heap Overflow (PoC)
MagicISO 5.4 (build239) - .cue Heap Overflow (PoC). #!/usr/bin/env ruby Credits to n00b for finding this bug. Magic iso has a stack-based buffer overflow when we pass an overly long file name inside the .cue file. We are able to control a lot of the registers, so command execution is possible, but I'm...
Null pointer dereference
The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer...
CVE-2007-1213
The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer...
Linux Kernel 2.6.17 - Sys_Tee Local Privilege Escalation
Linux Kernel 2.6.17 - Sys_Tee Local Privilege Escalation. Source: https://www.securityfocus.com/bid/22823/info The Linux kernel is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain superuser privileges, facilitating the complete compromise of...
SUSE-SA:2007:004: krb5
The remote host is missing the patch for the advisory SUSE-SA:2007:004 krb5. Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind. - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an...
Microsoft Excel Malformed Palette Record DoS PoC (MS07-002)
Exploit for unknown platform in category dos / poc. Microsoft Excel Malformed Palette Record DoS PoC (MS07-002). MS07-002 EXCEL Malformed Palette Record Vulnerability DOS POC...
RPC library / MIT Kerberos kadmind uninitialized function pointer
Function call by uninitialized pointer in RPC server code allows code execution...
GLSA-200612-03 : GnuPG: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200612-03 (GnuPG: Multiple vulnerabilities). Hugh Warrington has reported a boundary error in GnuPG, in the 'ask_outfile_name' function from openfile.c: the make_printable_string function could return a string longer than expected...
Debian DSA-1231-1 : gnupg - several vulnerabilities
Several remote vulnerabilities have been discovered in the GNU privacy guard, a free PGP replacement, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-6169 Werner Koch discovered that a buffer overfl...
FreeBSD : gnupg -- remotely controllable function pointer (4db1669c-8589-11db-ac4f-02e081235dab)
Werner Koch reports: GnuPG uses data structures called filters to process OpenPGP messages. These filters are used in a similar way as pipelines in the shell. For communication between these filters context structures are used. These are usually allocated on the stack and passed to the filter...