Ubuntu 6.06 LTS / 6.10 / 7.04 : rsync vulnerability (USN-500-1)
Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to...
GLSA-200711-08 : libpng: Multiple Denials of Service
The remote host is affected by the vulnerability described in GLSA-200711-08 (libpng: Multiple Denials of Service). An off-by-one error when handling ICC profile chunks in the png_set_iCCP function was discovered (CVE-2007-5266). George Cook and Jeff Phillips reported several errors in pngrtran.c, the u...
cups boundary error
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow...
tcpdump denial of service
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-80211.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based...
libpng: Multiple Denials of Service
Background: libpng is a free ANSI C library used to process and manipulate PNG images. Description: An off-by-one error when handling ICC profile chunks in the png_set_iCCP function was discovered (CVE-2007-5266). George Cook and Jeff Phillips reported several errors in pngrtran.c, the use of logical...
CVE-2007-4997
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two...
DEBIAN-CVE-2007-4351
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow...
CVE-2007-4351
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow...
Common UNIX Printing System IPP Tags Memory Corruption Vulnerability
The Common UNIX Printing System (CUPS) versions 1.3.3 and prior contain a vulnerability that can allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or execute arbitrary code with the privileges of the user. The vulnerability exists in the ippReadIO function when...
Buffer overflow
Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for Half-Life Server might allow attackers to execute arbitrary code or cause a denial of service via unspecified input related to geolocation, which triggers an error message from the (1) geoip_code2 or (2) geoip_code3 function, leadin...
ImageMagick: Multiple vulnerabilities
Background: ImageMagick is a collection of tools and libraries for manipulating various image formats. Description: regenrecht reported multiple infinite loops in functions ReadDCMImage and ReadXCFImage (CVE-2007-4985), multiple integer overflows when handling certain types of images (CVE-2007-4986),...
vanilla-sql.txt
= 4.1, magic_quotes_gpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo "------------------------------------------------------------\n"; echo "Vanilla - use specific prefix default LUM\n"; echo "-id= - use specific user id default 1\n"; echo "-c= - benchmark's loop count default 300000\n"; echo "-...
Vanilla <= 1.1.3 Remote Blind SQL Injection Exploit
No description provided by source. <?php Vanilla <= 1.1.3 Remote Blind SQL Injection Exploit By InATeam http://inattack.ru/ Requirements: MySQL = 4.1, magic_quotes_gpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo "------------------------------------------------------------\n"; echo "Vanilla = 1.1...
Vanilla 1.1.3 - Blind SQL Injection
= 4.1, magic_quotes_gpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo "------------------------------------------------------------\n"; echo "Vanilla - use specific prefix default LUM\n"; echo "-id= - use specific user id default 1\n"; echo "-c= - benchmark's loop count default 300000\n"; echo "-...
openSUSE 10 Security Update : python (python-3749)
This update fixes an off-by-one error in the PyLocale_strxfrm function which can lead to a memory leak. (CVE-2007-2052) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update python-3749. The text...
openSUSE 10 Security Update : apache2 (apache2-1905)
This update fixes the following security problem in the Apache webserver: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. (CVE-2006-3747) (C) Tenable Network Security, Inc...
Fedora Core 6 : openssl-0.9.8b-15.fc6 (2007-725)
Fri Oct 12 2007 Tomas Mraz 0.9.8b-15 - fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (321191) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
Code injection
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors...
DEBIAN-CVE-2007-4995
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors...
openssl: SSL_get_shared_ciphers() off-by-one
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738...