DEBIAN-CVE-2007-4987

Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address...

ClanSphere 2007.4 - 'cat_id' SQL Injection

Inclusion Hunter Team http://www.ihteam.net Clansphere 2007.4 Class: SQL Injection Found: 22/09/2007 Remote: Yes Site: http://www.clansphere.net/ Download: http://sourceforge.net/project/showfiles.php?groupid=95430 Vulnerable code: mods/banners/navlist.php...

CVE-2007-4137

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service crash via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but...

kwsmember-sql.txt

!/usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $User = $ARGV1; $passwd = $ARGV2; $url = "http://".$host; $port = "80"; print q Script....................: KwsPHP v1.0 MemberSpace Module Script Site...............: http://kws.koogar.org/ Vulnerability.............: Remote SQ...

kwsstats-sql.txt

Script..........................: KwsPHP ver 1.0 stats Module Script Site..................: http://kws.koogar.org/ Vulnerability...............: Remote SQL injection Exploit Access.........................: Remote level.............................: Dangerous Author..........................: S4...

Debian DSA-1360-1 : rsync - buffer overflow

Sebastian Krahmer discovered that rsync, a fast remote file copy program, contains an off-by-one error which might allow remote attackers to execute arbitrary code via long directory names. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

DSA-1360-1 rsync - arbitrary code execution

Bulletin has no description...

FreeBSD : rsync -- off by one stack overflow (af8e3a0c-5009-11dc-8a43-003048705d5a)

BugTraq reports : The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility...

Rsync off-by-one buffer overflow

Multiple off-by-on overflows...

GLSA-200708-12 : Wireshark: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200708-12 Wireshark: Multiple vulnerabilities Wireshark doesn't properly handle chunked encoding in HTTP responses CVE-2007-3389, iSeries capture files CVE-2007-3390, certain types of DCP ETSI packets CVE-2007-3391, and SSL or MMS...

[ MDKSA-2007:166 ] - Updated rsync packages fix off-by-one buffer overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:166 http://www.mandriva.com/security/ Package : rsync Date : August 18, 2007 Affected: 2007.0, 2007.1, Corporate 4.0 Problem Description: Sebastian Krahmer of the SUSE Security Team discovered an off-by-one...

USN-500-1: rsync vulnerability

Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to...

Wireshark DoS

Endless loop on MMS and SSL parsing, off-by-one on iSeries and DHCP/BOOTP parsing...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the fname function. Remediation...

DEBIAN-CVE-2007-4091

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the fname function...

CVE-2007-4091

CVE-2007-4091 concerns rsync 2.6.9 where multiple off-by-one errors in sender.c (in the f_name handling) could allow remote attackers to execute arbitrary code. The description is consistently stated across multiple sources tied to rsync, highlighting the vulnerable component as sender.c and the ...

CVE-2007-4091

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the fname function...

woliocms-sql.txt

wolioCMS - SQL Injection and Bypass Administrator Login Vendor : http://www.buton.web.id/member.php?member=anon Download : http://www.buton.web.id/download/woliocms.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Exploit ini berhasil jika...

wolioCMS SQL Injection

wolioCMS - SQL Injection and Bypass Administrator Login Vendor : http://www.buton.web.id/member.php?member=anon Download : http://www.buton.web.id/download/woliocms.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Exploit ini berhasil jika...

CVE-2006-7221

Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the 1 name and 2 dname entry attributes...