DEBIAN-CVE-2008-1367

gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag DF from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signa...

CVE-2008-1367

CVE-2008-1367 corresponds to a Linux kernel issue where gcc 4.3.x may not emit a cld instruction while compiling string manipulation code (e.g., memcpy/memmove), preventing the direction flag (DF) from being reset and potentially causing memory copy in the wrong direction during signal handling. ...

CVE-2008-1367

gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag DF from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signa...

Multiple vulnerabilities in WinCom LPD Total 3.0.2.623

Luigi Auriemma Application: WinCom LPD Total - Line Printer Daemon http://clientsoftware.com.au/lpd.html Versions: = 3.0.2.623 Platforms: Windows Bugs: A buffer-overflow in control filename B remote administration bypassing C integer memcpy crash in remote administration D buffer-overflow in remo...

ASA-2007-016: Remote crash vulnerability in Skinny channel driver

Asterisk Project Security Advisory - ASA-2007-016 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Remote crash vulnerability in Skinny channel | | | driver |...

CVE-2007-3764

The Skinny channel driver chanskinny in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service crash via a certain data length value...

CVE-2007-3764

The Skinny channel driver chanskinny in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service crash via a certain data length value...

Mandrake Linux Security Advisory : xine-lib (MDKSA-2007:062)

The DSVideoDecoderOpen function in DirectShow/DSVideoDecoder.c in xine-lib does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code. Updated packages have been patched to address this issue...

[Full-disclosure] MPlayer DMO buffer overflow

There's an exploitable buffer overflow in the current version of MPlayer v1.0rc1 which can be exploited with a maliciously crafted video file. It's hidden in the function DMOVideoDecoder in the file loader/dmo/DMOVideoDecoder.c. The variable format-biSize gets its value directly from the video...

Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow

/ ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ expoit code by: sgrakkyu antifork.org -- 10/1/2007 CVE: 2006-6332 Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES for wpa .... memcpybuf, se-sewpaie, se-sewpaie1 + 2 .... .... the function re-uses args in the stack before returning so...

security flaw

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different...

Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)

No description provided by source. !/usr/bin/ruby cyrus-imapd pop3d exploit by bannedit 05/23/2006 This exploit takes advantage of a stack based overflow. Once the stack corruption has occured it is possible to overwrite a pointer which is later used for a memcpy this gives us a write anything...

Cyrus IMAPD 2.3.2 - pop3d Remote Buffer Overflow (2)

Cyrus IMAPD 2.3.2 - pop3d Remote Buffer Overflow 2 !/usr/bin/ruby cyrus-imapd pop3d exploit by bannedit 05/23/2006 This exploit takes advantage of a stack based overflow. Once the stack corruption has occured it is possible to overwrite a pointer which is later used for a memcpy this gives us a...

Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)

Exploit for multiple platform in category remote exploits ============================================================ Cyrus IMAPD 2.3.2 pop3d Remote Buffer Overflow Exploit 2 ============================================================ !/usr/bin/ruby cyrus-imapd pop3d exploit by bannedit...

Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (2)

!/usr/bin/ruby cyrus-imapd pop3d exploit by bannedit 05/23/2006 This exploit takes advantage of a stack based overflow. Once the stack corruption has occured it is possible to overwrite a pointer which is later used for a memcpy this gives us a write anything anywhere condition similar to a forma...

PunkBuster 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC)

PunkBuster 1.229 - WebTool Service Remote Buffer Overflow Denial of Service PoC Luigi Auriemma Application: PunkBuster http://www.punkbuster.com Versions: PunkBuster for servers, versions minor than v1.229: America's Army = v1.228 Battlefield 1942 = v1.158 Battlefield 2 = v1.184 Battlefield Vietn...

PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC)

Luigi Auriemma Application: PunkBuster http://www.punkbuster.com Versions: PunkBuster for servers, versions minor than v1.229: America's Army = v1.228 Battlefield 1942 = v1.158 Battlefield 2 = v1.184 Battlefield Vietnam = v1.150 Call of Duty = v1.173 Call of Duty 2 = v1.108 DOOM 3 = v1.159 Enemy...

linux/amd64 - connect-back semi-stealth shellcode 88+ bytes

linux/amd64 connect-back semi-stealth shellcode 88+ bytes. Shellcode exploit for linamd64 platform include include include include include include include / usual rant here.. this is just a doodle.. i was curious about the amd64 and since i dont think a simple exec /bin/sh is worth releasing i gi...

Novell Messenger Server 2.0 (Accept-Language) Remote Overflow Exploit

No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...

Novell Messenger Server 2.0 - 'Accept-Language' Remote Overflow (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...