7301 matches found
PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
No description provided by source. / Exploit Title: Plib + flightgear 3dconvert exploit Date: 08/10/2012 Author: Andres Gomez Software Links: Plib: http://plib.sourceforge.net/ flightgear: http://www.flightgear.org/ 3dconvert: ftp://ftp.ihg.uni-duisburg.de/FlightGear/Win32/old/3dconvert-win32.zip...
BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP
No description provided by source. Exploit-DB Note: XPSP3 - my $eip = pack'V',0x7c868667; jmp ESP on kernel32.dll Date: Tue Apr 8 2014 Vendor link: http://www.blazevideo.com/download.htmm Software Link: http://www.blazevideo.com/download.php?product=BlazeDVDPro App Version: 6.1 Tested on: Windows...
Sony PC Companion 2.1 (Load()) Stack-based Unicode Buffer Overflow
No description provided by source. Sony PC Companion 2.1 Load Stack-based Unicode Buffer Overload SEH Vendor: Sony Mobile Communications AB Product web page: http://www.sonymobile.com Affected version: 2.10.115 Production 27.1, Build 830 2.10.108 Production 26.1, Build 818 Summary: PC Companion i...
Windows Light HTTPD 0.1 - Buffer Overflow
No description provided by source. import urllib2 from time import sleep Title: Windows Light HTTPD v0.1 HTTP GET Buffer Overflow Discovered and Reported: 24th of April, 2013 Discovered/Exploited By: Jacob Holcomb/Gimppy042 Software Vendor: http://sourceforge.net/projects/lhttpd/?source=navbar...
keystore buffer
Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...
CVE-2012-5106
CVE-2012-5106 affects FreeFloat FTP Server 1.0. The vulnerability is a stack-based buffer overflow in the handling of the PUT command, allowing remote authenticated users to execute arbitrary code by sending a long string. Exploitation exists (e.g., Exploit-DB entry 22351) and has been demonstrat...
CVE-2012-2052
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments...
Schneider Electric VAMPSET Buffer Overflow
OVERVIEW Aivar Liimets of Martem AS has identified a buffer overflow vulnerability in Schneider Electric’s VAMPSET software product. He reported it directly to Schneider Electric who reported it to NCCIC/ICS-CERT once the problem was fixed. Schneider Electric has produced an update that mitigates...
CVE-2014-4158
CVE-2014-4158 pertains to Senkas Kolibri WebServer 2.0 on Windows (XP/2003/7). The vulnerability is a stack-based buffer overflow caused by improper validation when handling HTTP requests with overly long URIs, enabling a remote attacker to potentially execute arbitrary code. Public writeups desc...
CVE-2010-5301
CVE-2010-5301: Kolibri WebServer 2.0 is affected by a stack-based buffer overflow when handling a long URI in a HEAD request, enabling remote code execution. The connected documents corroborate an RCE risk via crafted requests; no explicit patch/version remediation is provided in the supplied sou...
openSUSE Security Update : libQtWebKit-devel (openSUSE-SU-2012:0091-1)
A stack-based buffer overflow in the glyph handling of libqt4's harfbuzz has been fixed. CVE-2011-3922 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : pixman (openSUSE-SU-2013:1421-1)
libpixman was updated to fix a stack-based buffer overflow (CVE-2013-1591). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-686. The text description of this plugin is (C) SUSE LLC...
openSUSE Security Update : nagios (openSUSE-SU-2014:0516-1)
Nagios was updated to fix a stack-based buffer overflow in the cmdsubmitf function in the CGI handler (CVE-2014-1878). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-291. The text...
openSUSE Security Update : csound (openSUSE-SU-2012:0315-1)
This update of csound fixes two stack-based buffer overflows that could be exploited via malformed hetro and pvoc files (CVE-2012-0270). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : quagga (openSUSE-SU-2010:0984-1)
This update of quagga fixes two security issues : - CVE-2010-2948: CVSS v2 Base Score: 6.5 MEDIUM AV:N/AC:L/Au:S/C:P/I:P/A:P Stack-based buffer overflow while processing malformed Route-Refresh messages. - CVE-2010-2949: CVSS v2 Base Score: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P Denial of service...
openSUSE Security Update : libmodplug (openSUSE-SU-2011:0350-1)
Libmodplug is vulnerable to a stack-based buffer overflow when handling malicious S3M media files. CVE-2011-1574 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
CVE-2010-5300
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive...
Design/Logic Flaw
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow...
CVE-2014-2977
CVE-2014-2977 in DirectFB (Dispatch_Write in proxy/dispatcher/idirectfbsurface_dispatcher.c) allows remote attackers to cause a denial of service (crash) and possibly execute code via the Voodoo interface; CVE-2014-2978 is an out-of-bounds write in the same area. Connected advisories confirm thes...
CVE-2014-2977
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow...