Lucene search
3052 matches found

CVE
added 2005/05/10 4:0 a.m. | 39 views

CVE-2004-1955

The CVE-2004-1955 entry describes a SQL injection in the phProfession 2.5 package, specifically via the offset parameter in modules.php. Affected software: phProfession 2.5; vulnerable component: modules.php. Root cause: improper handling of the offset input enables arbitrary SQL execution by rem...

CVSS 7.5 | AI score 8.7 | EPSS 0.00553
Exploits: 1 | References: 6 | Affected Software: 1

UbuntuCve
added 2005/05/02 4:0 a.m. | 24 views

CVE-2005-0529

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context...

CVSS 2.1 | AI score 6.1 | EPSS 0.00122
Exploits: 1 | References: 2

NVD
added 2005/05/02 4:0 a.m. | 21 views

CVE-2005-0529

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context...

CVSS 2.1 | AI score 6.6 | EPSS 0.00122
Exploits: 1 | References: 8

RedHat Linux
added 2005/04/19 6:52 p.m. | 3 views

security flaw

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context...

CVSS 2.1 | AI score 5.9 | EPSS 0.00122
Exploits: 1 | References: 4

0day.today
added 2005/03/21 12:0 a.m. | 17 views

PostScript Utilities - psnup Argument Buffer Overflow

Exploit for linux platform in category local exploits ===================================================== PostScript Utilities - psnup Argument Buffer Overflow ===================================================== !/usr/bin/perl PostScript Utilities - psnup all the utilities of the package are...

AI score 6.8
Exploits: 0

Exploit DB
added 2005/03/21 12:0 a.m. | 41 views

PostScript Utilities - 'psnup' Local Buffer Overflow

!/usr/bin/perl PostScript Utilities - psnup all the utilities of the package are vulnerable written by lammat just for practice purposes tested against psutils-p17 gdb r -8 perl -e 'print "A"x250' The program being debugged has been started already. Start it from the beginning? y or n y Starting...

AI score 7
Exploits: 0

RedHat Linux
added 2005/02/15 9:23 a.m. | 4 views

security flaw

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer...

CVSS 10 | AI score 6.6 | EPSS 0.2419
Exploits: 0 | References: 4

Exploit DB
added 2005/02/07 12:0 a.m. | 70 views

3CServer 1.1 (FTP Server) - Remote Overflow

/ subject: Proof of Concept exploit for 3CServer v1.1 FTP server vendor: 3Com, http://support.3com.com/software/utilitiesforwindows32bit.htm date: Mon Feb 7 18:10:01 2005 notes: universal offset, SEH ptr overwriting with variation author: mandragore, mandragore@[email protected] / include...

AI score 7.4
Exploits: 0

seebug.org
added 2005/02/07 12:0 a.m. | 17 views

3CServer 1.1 FTP Server Remote Exploit

No description provided by source. / subject: Proof of Concept exploit for 3CServer v1.1 FTP server vendor: 3Com, http://support.3com.com/software/utilitiesforwindows32bit.htm date: Mon Feb 7 18:10:01 2005 notes: universal offset, SEH ptr overwriting with variation author: mandragore,...

AI score 7.1
Exploits: 0

Ubuntu
added 2005/01/21 2:29 a.m. | 32 views

USN-66-1: PHP vulnerabilities

FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with a user-specified path could read arbitrary local files outside of the open_basedir directory. Stefano Di Paola discovered a vulnerability in...

AI score 6
Exploits: 0 | References: 2

NVD
added 2004/12/31 5:0 a.m. | 11 views

CVE-2004-2592

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines...

CVSS 5 | AI score 6.4 | EPSS 0.04675
Exploits: 1 | References: 8

NVD
added 2004/12/31 5:0 a.m. | 10 views

CVE-2004-1955

SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter...

CVSS 7.5 | AI score 8.3 | EPSS 0.00553
Exploits: 1 | References: 6

RedHat Linux
added 2004/12/21 6:52 p.m. | 4 views

security flaw

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer...

CVSS 10 | AI score 6.6 | EPSS 0.2419
Exploits: 0 | References: 4

Exploit DB
added 2004/12/20 12:0 a.m. | 30 views

PHP 4.x/5.0 Shared Memory Module - Offset Memory Corruption

source: https://www.securityfocus.com/bid/12045/info PHP shared memory module (shmop) is reported prone to an integer handling vulnerability. The issue exists in the PHP_FUNCTION(shmop_write) function and is as a result of a lack of sufficient sanitization performed on 'offset' data. This vulnerability...

AI score 7.4
Exploits: 0

UbuntuCve
added 2004/11/23 5:0 a.m. | 29 views

CVE-2004-0415

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory...

CVSS 2.1 | AI score 5.9 | EPSS 0.00299
Exploits: 5 | References: 1

NVD
added 2004/11/23 5:0 a.m. | 18 views

CVE-2004-0415

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory...

CVSS 2.1 | AI score 6 | EPSS 0.00299
Exploits: 5 | References: 8

Cvelist
added 2004/09/01 4:0 a.m. | 14 views

CVE-2003-0075

Integer signedness error in the myFseek function of samplein.c for Blade encoder BladeEnc 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk...

AI score 7.7 | EPSS 0.03904
Exploits: 1 | References: 5

Tenable Nessus
added 2004/08/27 12:0 a.m. | 56 views

Mandrake Linux Security Advisory : kernel (MDKSA-2004:087)

A race condition was discovered in the 64bit file offset handling by Paul Starzetz from iSEC. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file in order to point to the current position of a file. The value conversion between both the 32bit and 64bit API ...

CVSS 2.1 | AI score 5.4 | EPSS 0.00299
Exploits: 5 | References: 1

RedHat Linux
added 2004/08/18 2:44 p.m. | 58 views

Important: Red Hat Security Advisory: kernel security update

Updated Itanium kernel packages that fix a number of security issues are now available. The Linux kernel handles the basic functions of the operating system. This kernel updates several important drivers and fixes a number of bugs including potential security vulnerabilities. Paul Starzetz...

CVSS 7.2 | AI score 5.8 | EPSS 0.00306
Exploits: 11 | References: 9

FreeBSD
added 2004/08/18 12:0 a.m. | 28 views

squid -- NTLM authentication denial-of-service vulnerability

A remote attacker is able to cause a denial-of-service situation, when NTLM authentication is enabled in squid. NTLM authentication uses two functions which lack correct offset checking...

CVSS 5 | AI score 6.5 | EPSS 0.12288
Exploits: 0 | References: 1