CVE-2007-3336

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...

CVE-2007-3336

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...

[Full-disclosure] [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: CAID 35450, 35451, 35452, 35453: CA Products That Embed Ingres Multiple Vulnerabilities CA Vuln ID CAID: 35450, 35451, 35452, 35453 CA Advisory Date: 2007-06-21 Reported By: NGSSoftware, and iDefense Impact: Attackers can potentially execute...

MagicISO 5.4 (build239) - .cue Heap Overflow (PoC)

MagicISO 5.4 build239 - .cue Heap Overflow PoC !/usr/bin/env ruby Credits to n00b for finding this bug. Magic iso has a stacked based buffer over-flow when We pass an overly-long file name inside the .cue file We are able to control alot of the registers so Command execution is possible,But im...

IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nimap.exe which binds by default to TCP...

Microsoft Word Document (malformed pointer) Proof of Concept

No description provided by source. ===== The file I have attached is a very basic two stage bug. stage 1 the first mod forces the code down a wrong path. the second mod by itsself is harmless, however when used with the first it will be the first and part of the second overwrite. I have use...

MS Windows JPEG Processing Buffer Overrun Exploit (MS04-028)

Exploit for unknown platform in category dos / poc ============================================================ MS Windows JPEG Processing Buffer Overrun Exploit MS04-028 ============================================================ !/bin/sh The JPEG vuln is triggered by the 0 or 1 length field wi...

Remote Frame Pointer Overwrite vulnerability in LIB CGI in Language C.

======================================== INetCop Security Advisory 2002-0x82-007 ======================================== Title: Remote Frame Pointer Overwrite vulnerability in LIB CGI in Language C. 0x01. Description A simple mode of develop CGI in language C. The libcgi package is a library...

pkc001.txt

/ pkc001.txt / -= SECURITY ADVISORY 001 =- | \ www.pkcrew.org / \ \ | / \ | | | | | / | | | | | / | | | | / | | / / | | | / | Application : Oops proxy server 1.4.22 1.4.6 and maybe prior Type: heap buffer overflow --- The problem --- Function listparser in ftputils.c : line is the line sent by th...