CVE-2009-4227

CVE-2009-4227 describes a stack-based buffer overflow in Xfig/Transfig components when processing malformed 1.3 FIG files (read_1_3_textobject in f_readold.c for Xfig 3.2.5b and earlier; read_textobject in read1_3.c for Transfig 3.2.5a and earlier). The overflow is triggered by a long string in t...

CVE-2009-3994

Stack-based buffer overflow in the GetUID function in src-IL/src/ildicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted DICOM file...

Stack overflow

Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information...

CVE-2009-4219

Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information...

CVE-2009-4219

CVE-2009-4219 concerns Haihaisoft Universal Player’s MyActiveX.ocx 1.4.8.0, specifically the MYACTIVEX.MyActiveXCtrl.1 ActiveX control. The connected PT-SECURITY entry documents a stack-based buffer overflow that can be triggered by a long URL property value, enabling remote arbitrary code execut...

Mandriva Linux Security Advisory : dhcp (MDVSA-2009:312)

A vulnerability has been found and corrected in ISC DHCP : Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0....

Serv-U < 9.1.0.0

According to its banner, the installed version of Serv-U is earlier than 9.1.0.0, and therefore affected by the following issues : - A boundary error in the web administration interface when parsing session cookies can result in a stack-based buffer overflow. CVE-2009-4873 - A boundary error in t...

Stack overflow

Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information...

MuPDF pdf_shade4.c Multiple Stack-Based Buffer Overflows

Exploit for unknown platform in category local exploits ======================================================== MuPDF pdfshade4.c Multiple Stack-Based Buffer Overflows ======================================================== Title: MuPDF pdfshade4.c Multiple Stack-Based Buffer Overflows CVE-ID:...

AOL Radio AmpX ActiveX Control ConvertFile() Buffer Overflow

require 'msf/core' class Metasploit3 'AOL Radio AmpX ActiveX Control ConvertFile Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow in AOL IWinAmpActiveX class AmpX.dll version 2.4.0.6 installed via AOL Radio website. By setting an overly long value to...

Mercury/32 <= v4.01b PH Server Module Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Mercury/32 %...

CA BrightStor ARCserve Backup AddColumn() ActiveX Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'CA BrightStor...

Oracle 9i XDB FTP PASS Overflow (win32)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Oracle 9i XD...

CVE-2009-4006

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string...

IBM Tivoli Storage Manager Client CAD Service Buffer Overflow

Added: 11/20/2009 CVE: CVE-2009-3853 OSVDB: 59632 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on port 1582/TCP. Problem The vulnerability is caused by an input validation error in t...

HTTPDX h_handlepeer() Function Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in HTTPDX HTTP server 1.4. The vulnerability is caused due to a boundary error within the "hhandlepeer" function in http.cpp. By sending an overly long HTTP request, an attacker can overrun a buffer and execute arbitrary code. This...

CVE-2009-2685

Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable...

CVE-2009-2685

HP Power Manager 4.x is affected by CVE-2009-2685 due to a stack-based buffer overflow in the login form of the management web server. The issue arises from insufficient bounds checking on the Login parameter, allowing remote attackers to execute arbitrary code (typically as SYSTEM) via a crafted...

HP Power Manager Remote Code Execution

Added: 11/06/2009 CVE: CVE-2009-2685 BID: 36933 OSVDB: 59684 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A stack-based buffer overflow in the HP Power Manager management web server allows...

CVE-2009-3867

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...