3643 matches found
Design/Logic Flaw
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service crash via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807...
CVE-2009-1789
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service crash via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807...
CVE-2009-1789
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service crash via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807...
freetype integer overflow
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative npoints value, which leads to an integer overflow and heap-based buffer overflow...
freetype integer overflow
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative npoints value, which leads to an integer overflow and heap-based buffer overflow...
Mandrake Security Advisory MDVSA-2009:093 (mpg123)
The remote host is missing an update to mpg123 announced via advisory MDVSA-2009:093. OpenVAS Vulnerability Test $Id: mdksa2009093.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:093 mpg123 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...
DEBIAN-CVE-2009-1301
Integer signedness error in the storeid3text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service out-of-bounds memory access and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtain...
DEBIAN-CVE-2009-0840
Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header...
DEBIAN-CVE-2008-6393
PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer...
Fedora Update for squid FEDORA-2007-4170
Check for the Version of squid OpenVAS Vulnerability Test Fedora Update for squid FEDORA-2007-4170 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
dovecot: incorrect handling of negative rights in the ACL plugin
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
WinComLPD Total Multiple Vulnerabilities
This host is installed with WinComLPD Total and is prone to buffer overflow and authentication bypass vulnerabilities. OpenVAS Vulnerability Test $Id: gbwincomlpdtotalmultvuln.nasl 5370 2017-02-20 15:24:26Z cfi $ WinComLPD Total Multiple Vulnerabilities Authors: Chandan S Copyright: Copyright c...
Dovecot ACL Plugin Security Bypass Vulnerabilities
This host has Dovecot ACL Plugin installed and is prone to multiple security bypass vulnerabilities. OpenVAS Vulnerability Test $Id: gbdovecotmultsecbypassvuln.nasl 5158 2017-02-01 14:53:04Z mime $ Dovecot ACL Plugin Security Bypass Vulnerabilities Authors: Chandan S Copyright: Copyright c 2008...
DEBIAN-CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
CVE-2008-4558
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison...
Code injection
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison...
PT-2008-5795 · Dovecot +1 · Dovecot +1
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 1.1.4 Description: The issue allows attackers to bypass intended access restrictions due to the ACL plugin treating negative access rights as if they are positive access rights. Recommendations: For versions prior to...
DEBIAN-CVE-2008-4558
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison...
dovecot -- ACL plugin bypass vulnerabilities
Timo Sirainen reports in dovecot 1.1.4 release notes: ACL plugin fixes: Negative rights were actually treated as positive rights. 'k' right didn't prevent creating parent/child/child mailbox. ACL groups weren't working...