2499 matches found
RealNetworks Realplayer QCP Parsing Heap Overflow
$Id: realplayerqcp.rb 13745 2011-09-17 06:48:33Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Memory corruption during text run construction (Windows) — Mozilla
Alex Miller reported that when very long strings were constructed and inserted into an HTML document, the browser would incorrectly construct the layout objects used to display the text. Under such conditions an incorrect length would be calculated for a text run resulting in too small of a memor...
(0Day) IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nLDAP.exe component which listens by default on TCP port 389. When handling the an LDAP Bi...
[CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory Information Title: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In...
LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical
Exploit for linux platform in category dos / poc ===================================================================== LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical ===================================================================== LibSMI smiGetNode Buffer Overflow When...
LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory Information Title: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In...
LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
Core Security - CoreLabs LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory Information Title: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form Advisory Id: CORE-2010-0819 Advisory URL:...
LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form
LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory...
Frameset integer overflow vulnerability — Mozilla
Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of colum...
nsCSSValue::Array index integer overflow — Mozilla
Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created...
Remote code execution using malformed PNG image — Mozilla
OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2)
Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. MFSA 2010-33 / CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random. Since the pseudo-random number generator was only seeded once...
Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/41424/info Unreal Engine is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check messages before copying them to an insufficiently sized memory buffer. Successful exploits can allow remote attackers to...
Mozilla Foundation Security Advisory 2010-30
Mozilla Foundation Security Advisory 2010-30 Title: Integer Overflow in XSLT Node Sorting Impact: Critical Announced: June 22, 2010 Reporter: Martin Barbella Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 Thunderbird 3.0.5 SeaMonkey 2.0.5 Description Security...
Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal — Mozilla
Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the stri...
Integer Overflow in XSLT Node Sorting — Mozilla
Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store...
Mozilla Fast-Tracks Fix For Critical Firefox Flaw
Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser. The patch, which was originally slated for release on March 30, fixes a vulnerability that could allow remote code execution attacks. The flaw was originally released into the VulnDisco exploit...
WOFF heap corruption due to integer overflow — Mozilla
Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim...
Touch22 Image22 ActiveX Control Buffer Overflow
Touch22 Image22 ActiveX is an application to create images for Microsoft Windows. A buffer overflow vulnerability has been discovered in Touch22 Image22 ActiveX. The vulnerability is due to an error in the application that fails to properly bounds check user-supplied data before copying it into a...
Mercury/32 <= v4.01b PH Server Module Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Mercury/32 %...