211 matches found
CVE-2016-4542
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...
CVE-2016-4544
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data...
CVE-2016-4543
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data...
DEBIAN-CVE-2016-2525
epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet...
CVE-2015-8741
The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...
Hewlett-Packard KeyView IDOL AutoCAD Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling...
UBUNTU-CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
Symantec Encryption Management Server EMAIL Header Field Injection Vulnerability
Symantec Encryption Management Server is a single console for managing multiple encryption applications in the PGP platform. Symantec Encryption Management Server does not properly handle email header field data, which can be exploited by a remote attacker to conduct email header injection attack...
CounterPath eyeBeam 1.1 build 3010n SIP Header Data Remote Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/16253/info A remote buffer-overflow vulnerability affects CounterPath eyeBeam because the application fails to properly validate the length of user-supplied strings prior to copying them into static process buffers. An...
MPlayer 1.0 AVIHeader.C Heap Based Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25648/info MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data. Attackers can exploit this issue to execute arbitrary code with t...
CVE-2013-0847
The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access...
CVE-2013-0847
The vulnerability CVE-2013-0847 affects FFmpeg (libavformat/id3v2.c, function ff_id3v2_parse) in builds before 1.1, where crafted ID3v2 header data can trigger an out-of-bounds array access, allowing remote attackers to impact confidentiality/integrity/availability. Several connected records (NVD...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : tomcat6 vulnerabilities (USN-1637-1)
It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. (CVE-2012-2733) It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A...
Apache Tomcat 7.0.0 < 7.0.28 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.28. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.28_security-7 advisory. - java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6...
DEBIAN-CVE-2012-2330
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...
Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QuicktimeH26...
PHP 5.x < 5.2.2 Multiple vulnerabilities
According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2.2. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that could be forced to process WBMP images from an...
Citrix Access Gateway Plug-in for Windows ActiveX Control Multiple Vulnerabilities (CTX129902)
The Citrix Access Gateway ActiveX control for Citrix Access Gateway Enterprise Edition is installed on the remote Windows host. It is the ActiveX component of the Citrix Access Gateway Plug-in for Windows and provides an SSL-based VPN via a web browser. The installed version of this control is...