1320 matches found
CVE-2007-4194
Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might...
CVE-2007-4194
CVE-2007-4194 concerns Guidance Software EnCase 5.0 and describes user‑assisted remote denial of service via a malformed file, related to EnCase’s file system parsing. The core weakness centers on how EnCase parses certain inputs, potentially causing stack memory consumption and unspecified impac...
DNS RPC analysis-vulnerability warning-the black bar safety net
Author: cloud Shu Date: 2007-04-27 http://www.ph4nt0m.org According to the vulnerability description in the security bulletin, the vulnerability occurs in the DnssrvQuery function of the dns.exe program. This function is an RPC function that allows clients to make remote calls. First with IDA on dns. e...
security flaw
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...
CVE-2007-0908
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...
Design/Logic Flaw
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...
CVE-2007-0908
CVE-2007-0908 affects the WDDX deserializer in the PHP wddx extension. The vulnerability arises because key_length is not properly initialized for a numeric key, which can allow a context-dependent attacker to read stack memory via a wddxPacket element that contains a variable with a string name ...
CVE-2006-6657
The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors...
security flaw
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of...
Qualcomm Eudora 6.0.3 - MIME Message Nesting Denial of Service
Qualcomm Eudora 6.0.3 - MIME Message Nesting Denial of Service source: https://www.securityfocus.com/bid/10137/info It has been reported that Eudora is prone to a denial of service vulnerability when handling e-mail containing excessive MIME nesting. The problem is known to occur when the...
Vignette StoryServer 4.1 - Sensitive Stack Memory Information Disclosure
Vignette StoryServer 4.1 - Sensitive Stack Memory Information Disclosure source: https://www.securityfocus.com/bid/7296/info It has been reported that Vignette StoryServer, under some circumstances may reveal stack memory content. If a specially crafted request is made for a page that accepts...
Vignette StoryServer 4.1 - Sensitive Stack Memory Information Disclosure
source: https://www.securityfocus.com/bid/7296/info It has been reported that Vignette StoryServer, under some circumstances may reveal stack memory content. If a specially crafted request is made for a page that accepts user-supplied data an error state may be triggered. If the attack is...
ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow
ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow source: https://www.securityfocus.com/bid/6658/info It has been reported that a buffer overflow in escputil exists. When supplied with excessively long arguments, it is possible to overwrite stack memory. escputil is reportedly installed setg...
Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow (3)
// source: https://www.securityfocus.com/bid/5125/info Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems. A boundary condition error has been discovered in the efstool program. Due to improper...
ISS X-Force response
This vulnerability was originally detected auditing the Apache 2.0 source tree. Apache 2.0 uses the same function to determine the chunk size, and has the same vulnerable signed comparison. It is, however, not vulnerable by luck? due to a signed comparison deep within the buffered reading routine...