Debian DSA-3412-1 : redis - security update

Luca Bruno discovered an integer overflow flaw leading to a stack-based buffer overflow in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service application crash. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...

CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...

CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...

CVE-2015-0860

CVE-2015-0860 affects the dpkg-deb component of dpkg. An off-by-one error in extracthalf/extract.c can cause a stack-based buffer overflow via the archive magic version number in an old-style Debian binary package, enabling remote code execution. The issue affects dpkg 1.16.x before 1.16.17 and 1...

Debian DLA-350-1 : eglibc security update

The strxfrm function is vulnerable to integer overflows when computing memory allocation sizes similar to CVE-2012-4412. Furthermore since it fallbacks to use alloca when malloc fails, it is vulnerable to stack-based buffer overflows similar to CVE-2012-4424. Those issues have been fixed in Debia...

Schneider Electric Invensys Positioner Buffer Overflow Vulnerability

OVERVIEW Ivan Sanchez from Nullcode Team has identified a buffer overflow security vulnerability in the DTM Device Type Manager software for Schneider Electric’s Invensys SRD Control Valve Positioner product line. Schneider Electric has produced a new version that mitigates this vulnerability...

[SECURITY] [DSA 3407-1] dpkg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3407-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 26, 2015 https://www.debian.org/security/faq -...

CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...

Debian Security Advisory DSA 3407-1 (dpkg - security update)

Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package .deb i...

DSA-3407-1 dpkg - security update

Bulletin has no description...

CVE-2006-4809

Stack-based buffer overflow in loaderpnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PNM image...

CVE-2006-0097

Stack-based buffer overflow in the createnamedpipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long 1 arghost or 2 argunixsocket argument, as demonstrated by a long named pipe variable in the host argument to the...

CVE-2007-4584

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the pmode variable...

Stack overflow

Multiple stack-based buffer overflows in IniNet embeddedWebServer aka eWebServer before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request...

CVE-2015-1001

The CVE-2015-1001 affects IniNet Solutions SCADA Web Server (embeddedWebServer/eWebServer) prior to version 2.02. Multiple stack-based buffer overflows occur when parsing HTTP requests with long fields, leading to remote arbitrary code execution. Affected product is the IniNet SCADA Web Server (t...

AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow Exploit

Exploit for unix platform in category local exploits ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ADOBE-WRKGRP-BUFFER-OVERFLOW.txt Vendor: ================================ www.adobe.com Product:...

Stack-based Buffer Overflow in Artegic Dana IRC Client (CVE-2008-2922)

Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long IRC message...

Watermark Master Buffer Overflow (SEH)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Watermark Master Buffer Overflow SEH', 'Description' = %q This module exploits a stack based buffer overflow in Watermark Master...

opensmtpd: multiple issues

an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute...