Mandriva Update for openslp MDVSA-2012:141 (openslp)

Check for the Version of openslp OpenVAS Vulnerability Test Mandriva Update for openslp MDVSA-2012:141 openslp Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Update for python-sqlalchemy MDVSA-2012:059 (python-sqlalchemy)

Check for the Version of python-sqlalchemy OpenVAS Vulnerability Test Mandriva Update for python-sqlalchemy MDVSA-2012:059 python-sqlalchemy Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVE-2011-2912

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/loads3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset...

Stack overflow

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/loads3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset...

CVE-2011-2912

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/loads3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset...

DEBIAN-CVE-2012-0805

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the 1 limit or 2 offset keyword to the select function, or unspecified vectors to the 3 select.limit or 4 select.offset function...

CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image...

CVE-2012-0805

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the 1 limit or 2 offset keyword to the select function, or unspecified vectors to the 3 select.limit or 4 select.offset function...

CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image...

DEBIAN-CVE-2012-0815

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...

PHP 5.4.3 (Windows x86 Polish) - Code Execution

// Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish =================== offset-brute.html...

CVE-2012-1185

Multiple integer overflows in 1 magick/profile.c or 2 magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE:...

rpm: incorrect handling of negated offsets in headerVerifyInfo()

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...

python-sqlalchemy: SQL injection flaw due to not checking LIMIT input for correct type

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the 1 limit or 2 offset keyword to the select function, or unspecified vectors to the 3 select.limit or 4 select.offset function...

python-sqlalchemy security update

0.5.5-3 - sanitize inputs to limit and offset Resolves: CVE-2012-0805...

MS12-004 midiOutPlayNextPolyEvent Heap Overflow

This module exploits a heap overflow vulnerability in the Windows Multimedia Library winmm.dll. The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using the Windows Media Player ActiveX control. Exploitation is done by supplying a speciall...

midiOutPlayNextPolyEvent Heap Overflow(MS12-004)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

VLC (libtaglib_plugin.dll) divide by zero DOS

No description provided by source. import binascii print '\n\n' print '' print ' VLC libtaglibplugin.dll divide by zero DOS ' print ' Tested on : Windows 7 and XP sp3 ' print ' VLC verion : 1.2.0 and 1.1.11 possibly lower ' print ' Author : nomnom ' print ' Date : 1/19/2012 ' print ' - shouts to...

php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

Integer overflow in the exifprocessIFDTAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offsetval value in an EXIF header in a JPEG file, a...

HP Data Protector Media Operations Memory Corruption

A heap memory corruption vulnerability has been reported in HP Data Protector Media Operations. The vulnerability is due to insufficient validation of the Offset parameter while handling certain packets. A remote attacker may trigger this vulnerability by sending specially crafted connection...