
7301 matches found

Metasploit
added 2017/01/19 7:34 p.m. | 17 views

DiskSavvy Enterprise GET Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise v9.1.14 and v9.3.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows XP SP...

CVSS 9.8 | AI score 7.4 | EPSS 0.69378
Exploits: 7

OSV
added 2017/01/18 5:59 p.m. | 17 views

CVE-2016-2233

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 3

CVE
added 2017/01/18 5:0 p.m. | 59 views

CVE-2016-2233

CVE-2016-2233 affects HexChat 2.10.2, with a stack-based buffer overflow in inbound_cap_ls (common/inbound.c) that allows remote IRC servers to crash the client by sending many CAP LS options. This is documented across multiple feeds (NVD, OSV, Debian tracker, CNVD, CVE lists) confirming the vuln...

CVSS 7.5 | AI score 7.4 | EPSS 0.13341
Exploits: 5 | References: 3 | Affected Software: 1

Exploit DB
added 2017/01/16 12:0 a.m. | 49 views

DiskBoss Enterprise - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DiskBoss Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability i...

AI score 7
Exploits: 0

Tenable Nessus
added 2017/01/12 12:0 a.m. | 46 views

SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0109-1)

This update for php53 fixes the following issues: - CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName (bsc#1012232) - CVE-2016-9933: Possible stack overflow on truecolor images handling (bsc#1015187) - CVE-2016-9934: Dereference from NULL pointer could lead to crash (bsc#1015188) -...

CVSS 9.8 | AI score 8.3 | EPSS 0.11241
Exploits: 0 | References: 14

RedhatCVE
added 2017/01/11 3:47 p.m. | 26 views

CVE-2017-5336

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate...

CVSS 9.8 | AI score 7.7 | EPSS 0.03948
Exploits: 0 | References: 1

OpenVAS
added 2017/01/11 12:0 a.m. | 32 views

openSUSE: Security Advisory for jasper (openSUSE-SU-2017:0101-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.2 | EPSS 0.0411
Exploits: 3 | References: 1

OPENSUSE Linux
added 2017/01/10 7:8 p.m. | 45 views

Security update for jasper (important)

This update for jasper fixes the following issues: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530) - CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010977) - CVE-2016-9398: Invalid jasper files could...

AI score 2.2 | EPSS 0.0411
Exploits: 3 | References: 5

Tenable Nessus
added 2017/01/10 12:0 a.m. | 49 views

SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2017:0084-1)

This update for jasper fixes the following issues: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530) - CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010977) - CVE-2016-9398: Invalid jasper files could...

CVSS 7.8 | AI score 6.6 | EPSS 0.0411
Exploits: 3 | References: 16

NVD
added 2017/01/06 9:59 p.m. | 14 views

CVE-2016-4336

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged ...

CVSS 9.8 | AI score 10 | EPSS 0.01183
Exploits: 2 | References: 1

Cvelist
added 2017/01/06 9:0 p.m. | 18 views

CVE-2016-4336

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged ...

AI score 10 | EPSS 0.01183
Exploits: 2 | References: 1

OSV
added 2017/01/06 8:28 a.m. | 4 views

MGASA-2017-0007 Updated unrtf package fixes security vulnerability

A Stack-based buffer overflow has been found in unrtf 0.21.9, which affects functions including cmd_expand, cmd_emboss and cmd_engrave (CVE-2016-10091)...

CVSS 7.5 | AI score 7.8 | EPSS 0.02609
Exploits: 0 | References: 4

Mageia
added 2017/01/06 8:28 a.m. | 21 views

Updated unrtf package fixes security vulnerability

A Stack-based buffer overflow has been found in unrtf 0.21.9, which affects functions including cmd_expand, cmd_emboss and cmd_engrave (CVE-2016-10091)...

CVSS 7.5 | AI score 4 | EPSS 0.02609
Exploits: 0 | References: 3

Cvelist
added 2017/01/04 8:0 p.m. | 26 views

CVE-2016-8670

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via...

AI score 8.4 | EPSS 0.01746
Exploits: 0 | References: 8

Tenable Nessus
added 2017/01/03 12:0 a.m. | 21 views

Oracle MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities

Binary data 9845.prm...

CVSS 6.8 | AI score 6 | EPSS 0.00852
Exploits: 0 | References: 5

Tenable Nessus
added 2016/12/27 12:0 a.m. | 45 views

Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)

Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based...

CVSS 10 | AI score 7.5 | EPSS 0.93622
Exploits: 13 | References: 34

Tenable Nessus
added 2016/12/15 12:0 a.m. | 148 views

MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.35. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition...

CVSS 6.8 | AI score 6.7 | EPSS 0.01845
Exploits: 0 | References: 16

Tenable Nessus
added 2016/12/15 12:0 a.m. | 113 views

MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)

The version of MySQL running on the remote host is 5.5.x prior to 5.5.54. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. CVE-2017-3238 - An...

CVSS 6.7 | AI score 7.2 | EPSS 0.05375
Exploits: 0 | References: 13

NVD
added 2016/12/13 4:59 p.m. | 17 views

CVE-2015-3217

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service stack-based buffer overflow via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...

CVSS 7.5 | AI score 8.2 | EPSS 0.00861
Exploits: 1 | References: 10

UbuntuCve
added 2016/12/13 4:59 p.m. | 41 views

CVE-2015-3217

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service stack-based buffer overflow via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...

CVSS 7.5 | AI score 7.3 | EPSS 0.00861
Exploits: 1 | References: 2