6715 matches found
TinyIdentD 2.2 Stack Buffer Overflow
This module exploits a stack based buffer overflow in TinyIdentD version 2.2. If we send a long string to the ident service we can overwrite the return address and execute arbitrary code. Credit to Maarten Boone. This module requires Metasploit: https://metasploit.com/download Current source:...
LANDesk Management Suite Alert Service Stack Overflow (CVE-2007-1674)
LANDesk Management Suite automates systems and security management tasks and proactively manages, updates and protects desktops, servers and mobile devices from a single console. A stack buffer overflow vulnerability has been discovered in LANDesk Management Suite. The vulnerability is due to a...
Darwin Streaming Server < 5.5.5 Multiple RCE Vulnerabilities
According to its banner, the version of Apple Darwin Streaming Server running on the remote host is prior to version 5.5.5. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the Apple Darwin Streaming Proxy that allows an unauthenticated, remote...
Trend Micro ServerProtect 5.58 - SpntSvc.exe Remote Stack Buffer Overflow
Trend Micro ServerProtect 5.58 - SpntSvc.exe Remote Stack Buffer Overflow source: https://www.securityfocus.com/bid/23868/info Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copyin...
Axis Communications CamImage ActiveX control stack buffer overflow
Overview The Axis Communications CamImage ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to run arbitrary code on a vulnerable system. Description Axis Communications provides an ActiveX control for viewing motion JPEG streams in Microsoft...
IncrediMail IMMenuShellExt ActiveX control stack buffer overflow vulnerability
Overview The IncrediMail IMMenuShellExt ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IncrediMail is an email application that includes animations and 1000's of emoticons...
CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO87569)
According to its version, the installation of BrightStor ARCserve Backup on the remote host is affected by multiple vulnerabilities in the Mediasrv RPC service. First, the service does not properly sanitize a string given as an argument to different RPC functions prior to calling the function...
CVE-2007-1353
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copyfromuser function accessing an uninitialized stack buffer...
Stack overflow
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copyfromuser function accessing an uninitialized stack buffer...
CVE-2007-1353
CVE-2007-1353 affects the Linux kernel’s Bluetooth stack (L2CAP and HCI) and can allow a context-dependent attacker to read kernel memory via the copy_from_user call accessing an uninitialized stack buffer in the setsockopt pathway. The vulnerability is present in kernel versions prior to 2.4.34....
CVE-2007-1353
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copyfromuser function accessing an uninitialized stack buffer...
Microgaming Download Helper ActiveX control stack buffer overflow
Overview The Microgaming Download Helper ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microgaming provides software for online gaming, including online casinos. The Microgaming...
Novell Groupwise WebAccess buffer overflow
Stack buffer overflow stack overrun during TCP/7205 TCP/7211 HTTP basic authentication on base64 decoding...
Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the...
VCDGear畸形CUE文件处理栈缓冲区溢出漏洞
VCDGear是制作MPEG4的工具,用于将VCD影片DAT文件转换为MPEG文件。 VCDGear在处理畸形格式的CUE文档时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞通过诱使用户打开恶意文件控制用户用户机器。 如果用户使用VCDGear加载了恶意的CUE文件的话,就可能触发栈缓冲区溢出,导致在用户系统上执行任意指令。 VCDGear v3.56 build 050213 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.vcdgear.com/...
Aircrack-ng (airodump-ng) remote buffer overflow vulnerability
Product Name: Aircrack-ng 0.7 Vendor: http://www.aircrack-ng.org Date: 13 April, 2007 Author: Jonathan So jonny @ nop-art dot net Advisory URL: http://www.nop-art.net/advisories/airodump-ng.txt I. DESCRIPTION A buffer overflow vulnerability has been found in airodump-ng, part of the aircrack-ng...
Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This occurs when handling certain HTTP requests. To exploit this issue, an attack...
More information on ZERT patch for ANI 0day
Hi, more information about the patch released April 1st can be found here: http://zert.isotf.org/ Including: 1. Technical information. 2. Why this patch was released when eeye already released a third party patch. The newly discovered zero-day vulnerability in the parsing of animated cursors is...
Corel WordPerfect Office PRS堆栈缓冲区溢出漏洞
Corel WordPerfect是一款功能强大的办公软件套件。 Corel WordPerfect X3存在堆栈缓冲区溢出,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 Wordperfect X3不正确检查存储在Wordperfect文档中的打印机选择文件名,提交恶意文档,诱使用户访问可导致以应用程序进程权限执行任意指令。 Corel WordPerfect Office X3 13.0 .565 目前没有解决方案提供: http://www.corel.com/ / wp13exp.c - Wordperfect X3 remote exploit Proof of...
ZZIPlib / zzcat buffer overflow
Stack buffer overflow stack overrun on oversized filename...