69 matches found
CVE-2012-10055 ComSndFTP v1.3.7 Beta USER Format String RCE
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory, specifically WSACleanup from Ws232.dll...
CVE-2023-5404
CVE-2023-5404 affects Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Root cause: heap-based or out-of-bounds memory write triggered by processing a malformed message, potentially enabling remote code execution or service failure over the netwo...
Honeywell Experion Server Security Vulnerability
Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System (PKS) platform. A security vulnerability exists in Honeywell Experion Server that originates when the server receives an incorrectly formatted...
SUSE CVE-2006-5857
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering...
Null pointer dereference
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions e.g. in embedded environment...
SUSE-SU-2020:1873-1 Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: - CVE-2017-18922: Fixed an issue which could have allowed an attacker to overwrite a function pointer pre-auth, which is subsequently used, leading to potential remote code execution (bsc1173477)...
Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free Exploit
Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A RO...
Foxit PDF Reader Pointer Overwrite UAF
Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain...
Citrix Provisioning Services 7.x < 7.12 Multiple Vulnerabilities (CTX219580)
The version of Citrix Provisioning Services running on the remote Windows host is either 7.x prior to 7.12 or 7.6 LTSR prior to 7.6.4 LTSR. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists due to an overflow condition caused by improper...
QQPlayer 3.7.892 m2p quartz.dll Heap Pointer Overwrite PoC
No description provided by source. Exploit Title: QQPlayer 3.7.892 m2p quartz.dll heap pointer overwrite PoC Date: 10/14/2012 Author: James Ritchey Vendor Homepage: www.qq-player.com Software Link: http://www.qq-player.com/downloaden.php Version: 3.7.892 Tested on: Windows XP SP3 l = 3315716 A s1...
Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
No description provided by source. $Id: cyruspop3dpopsubfolders.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Sybase Advantage Data Architect - "*.SQL" Format Heap Oveflow
No description provided by source. Exploit Title: Sybase Advantage Data Architect .SQL Format Heap Oveflow RCE Date: 2010-10-16 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility...
Telnetd encrypt_keyid: Remote Root function pointer overwrite
No description provided by source. telnetd-encryptkeyid.c Mon Dec 26 20:37:05 CET 2011 Copyright 2011 Jaime Penalba Estebanez NighterMan Copyright 2011 Gonzalo J. Carracedo BatchDrake...
Microsoft Publisher Function Pointer Overwrite (MS11-091) - Ver2 (CVE-2011-1508)
A memory corruption vulnerability has been reported in Microsoft Publisher. The vulnerability is due to the way Microsoft Publisher does not properly handle memory for function pointers while parsing specially crafted Publisher files. A remote attacker may exploit this vulnerability by enticing a...
Firebird - Relational Database CNCT Group Number Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Firebird Relational Database CNCT Group Number Buffer Overflow', 'Description' = %q This module exploits a vulnerability in...
QQPlayer 3.7.892 m2p quartz.dll heap pointer overwrite PoC
Exploit for windows platform in category dos / poc Exploit Title: QQPlayer 3.7.892 m2p quartz.dll heap pointer overwrite PoC Date: 10/14/2012 Author: James Ritchey Vendor Homepage: www.qq-player.com Software Link: http://www.qq-player.com/downloaden.php Version: 3.7.892 Tested on: Windows XP SP3 ...
QQPlayer 3.7.892 Heap Pointer Overwrite
Exploit Title: QQPlayer 3.7.892 m2p quartz.dll heap pointer overwrite PoC Date: 10/14/2012 Author: James Ritchey Vendor Homepage: www.qq-player.com Software Link: http://www.qq-player.com/downloaden.php Version: 3.7.892 Tested on: Windows XP SP3 l = 3315716 "A" s1 = 0,'\x00\x00\x01\xba', 2048,...
CVE-2012-0257
Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...
Heap overflow
Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...