Cross site request forgery (csrf)

Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of functio...

CVE-2008-1456

Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of functio...

CVE-2008-2812

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service system crash or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in 1 hamradio/6pack.c, 2 hamradio/mkiss.c, 3...

Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution

Felipe Andres Manzano [email protected] updates in http://felipe.andres.manzano.googlepages.com/home ''' Sumary: ======= The libpoppler pdf rendering library, can free uninitialized pointers, leading to arbitrary code execution. This vulnerability results from memory management bugs in th...

poppler -- uninitialized pointer

Felipe Andres Manzano reports: The libpoppler pdf rendering library, can free uninitialized pointers, leading to arbitrary code execution. This vulnerability results from memory management bugs in the Page class constructor/destructor...

krb5: uninitialized pointer use in krb5kdc

KDC in MIT Kerberos 5 krb5kdc does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free...

Multiple vulnerabilities in Perforce Server 2007.3/143793

Luigi Auriemma Application: Perforce Server http://www.perforce.com Versions: = 2007.3/143793 Platforms: Windows, Unix, Linux and Mac Bugs: NULL pointers, invalid memory access and endless loop Exploitation: remote Date: 05 Mar 2008 Author: Luigi Auriemma e-mail: [email protected] web:...

TIBCO SmartSockets RTserver multiple security vulnerabilities

Buffer overflows, arrays overflows, pointers manipulation...

VLC Player ActiveX code exectuion

Few uninitialized pointers references...

CVE-2007-5330

The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to 1 execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and 2 trigger memory corruption related to the use of "handle" RPC arguments...

CVE-2007-0943

Concretely, CVE-2007-0943 affects Internet Explorer 5.01 and 6 SP1, where parsing malformed CSS strings can trigger memory corruption via out-of-bounds pointers, allowing remote code execution. The incident is associated with an IE CSS parsing memory corruption vulnerability; remediation is MS07-...

CVE-2007-0943

Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets CSS strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers...

Net:: DNS denial of service

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service stack consumption via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop...

CVE-2007-1754

PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that...

Code injection

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service stack consumption via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop...

CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service stack consumption via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop...

DEBIAN-CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service stack consumption via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop...

CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service stack consumption via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop...

CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service stack consumption via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop...

PT-2007-1040 · Net +1 · Net::Dns +1

Name of the Vulnerable Software and Affected Versions: Net::DNS versions prior to 0.60 Description: The issue allows remote attackers to cause a denial of service, specifically stack consumption, via a malformed compressed DNS packet with self-referencing pointers. This triggers an infinite loop,...