CVE-2015-2797

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login...

Advantech WebAccess Stack-Based Buffer Overflow Vulnerability

OVERVIEW Ivan Sanchez from Nullcode Team has identified a stack-based buffer overflow vulnerability in Advantech’s WebAccess application. Advantech has produced a new version to mitigate this vulnerability. Ivan Sanchez has tested the new version to validate that it resolves the vulnerability...

CVE-2015-1000

Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 aka SStreamVideo ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter...

CVE-2015-0986

Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey 1 set or 2 get command...

CVE-2015-2946

CVE-2015-2946 affects the SXF Common Library (Open CAD Format Council SXF) with a stack-based/buffer overflow in processing CAD input, allowing remote code execution via a crafted CAD file. Affected versions include SXF Common Library versions up to 3.21/3.30 (before 3.30 per sources); newer rele...

CVE-2015-1896

IBM Tivoli Storage Manager FastBack Mount 6.1.x before 6.1.11.1 is affected by a stack-based buffer overflow in the FastBackMount process, caused by improper bounds checking. This vulnerability could allow a remote attacker to execute arbitrary code with SYSTEM/root privileges or cause a crash. A...

SUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2015:0904-1)

The ASN.1 parsing library libtasn1 was updated to fix one memory handling issue. The following vulnerability was fixed : - CVE-2015-2806: A stack-based buffer overflow in libtasn1 allowed remote attackers to have unspecified impact via unknown vectors. Note that Tenable Network Security has...

CVE-2014-9204

Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file...

CVE-2014-9204

CVE-2014-9204 affects Rockwell Automation RSLinx Classic OPCTest.exe prior to version 3.73.00. The flaw is a stack-based buffer overflow triggered by loading a crafted CSV file, which could crash the application or allow code execution when a user opens the file. Affected product is RSLinx Classi...

CVE-2014-9204

Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file...

SAP encryption algorithm vulnerability can lead to remote code execution or denial of service-vulnerability warning-the black bar safety net

Now, there is a widely used Protocol appeared unexpected vulnerability, SAP encryption algorithm of the data compression software can lead to remote code execution vulnerability and denial of service vulnerabilities. These problems arise because the SAP encryption algorithm of coding uses a popul...

SAP LZC/LZH Compression Multiple Vulnerabilities

Advisory ID Internal CORE-2015-0009 1. Advisory Information Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL:https://www.coresecurity.com/core-labs/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last...

Siemens SCALANCE S612 Firewall > 2.1 and < 2.3.0.3 Multiple Vulnerabilities (SSA-268149)

Binary data scadasiemensscalances612SSA-268149.nbin...

Mandriva Linux Security Advisory : directfb (MDVSA-2015:223)

Updated directfb packages fix security vulnerabilities : Multiple integer signedness errors in the DispatchWrite function in proxy/dispatcher/idirectfbsurfacedispatcher.c in DirectFB allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via the Voodoo...

[ MDVSA-2015:223 ] directfb

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:223 http://www.mandriva.com/en/support/security/ Package : directfb Date : May 4, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Updated directfb packages fix security...

Updated directfb packages fix security vulnerabilities

Updated directfb packages fix security vulnerabilities: Multiple integer signedness errors in the DispatchWrite function in proxy/dispatcher/idirectfbsurfacedispatcher.c in DirectFB allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via the Voodoo...

Mandriva Linux Security Advisory : sqlite3 (MDVSA-2015:217)

Multiple vulnerabilities has been found and corrected in sqlite3 : SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have...

Security update for DirectFB (important)

DirectFB was updated to fix two security issues. The following vulnerabilities were fixed: CVE-2014-2977: Multiple integer signedness errors could allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based...

SUSE-SU-2015:0904-1 Security update for libtasn1

The ASN.1 parsing library libtasn1 was updated to fix one memory handling issue. The following vulnerability was fixed: CVE-2015-2806: A stack-based buffer overflow in libtasn1 allowed remote attackers to have unspecified impact via unknown vectors...

Integer overflow

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...