7301 matches found
CVE-2009-0226
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory...
CVE-2009-0227
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter PP4X32.DLL in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format,...
CVE-2009-1627
Stack-based buffer overflow in Streaming Download Project SDP Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file...
CVE-2009-1612
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are...
CVE-2009-1612
BaoFeng Storm ActiveX control (MPS.StormPlayer.1 in mps.dll) is affected by a stack-based buffer overflow (CVE-2009-1612). Vulnerable component: mps.dll 3.9.4.27 and earlier; condition arises when an overly long string is passed to OnBeforeVideoDownload. Consequence: remote code execution by an a...
Heap overflow
Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control DafoloFFControl.dll 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long...
CVE-2009-1586
Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file...
CVE-2009-1577
Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file...
Stack overflow
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web...
CVE-2009-1516
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web...
CVE-2009-1437
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist .m3u file. NOTE: this may overlap CVE-2008-3408...
Icewarp Merak Mail Server 9.4.1 - 'Base64FileEncode()' Buffer Overflow (PoC)
"cgi-fcgi" die"Launch from the merak php console!"; if !functionexists"icewarpapiobjectcall" die"You need the icewarp extension loaded!"; $shellcode= //original scode, alpha2 esp sh.txt "\xeb\x13\x5b\x31\xc0\x50\x31\xc0\x88\x43\x4a\x53". "\xbb\x0d\x25\x86\x7c". //WinExec, kernel32.dll XP SP3...
Icewarp Merak Mail Server 9.4.1 - Base64FileEncode() Buffer Overflow (PoC)
Icewarp Merak Mail Server 9.4.1 - Base64FileEncode Buffer Overflow PoC "cgi-fcgi" die"Launch from the merak php console!"; if !functionexists"icewarpapiobjectcall" die"You need the icewarp extension loaded!"; $shellcode= //original scode, alpha2 esp sh.txt...
FreeBSD : libpng stack-based buffer overflow and other code concerns (f9e3e60b-e650-11d8-9b0a-000347a4fa7d)
Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Mandriva Linux Security Advisory : emacs (MDVSA-2008:034)
The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ':safe', did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file...
Mandriva Linux Security Advisory : audacity (MDVSA-2009:055)
A vulnerability has been identified and corrected in audacity: Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly...
Mandriva Linux Security Advisory : audit (MDVSA-2008:083)
Joe Nall reported a stack-based buffer overflow in Audit's log handling that could allow remote attackers to execute arbitrary code via a long command argument (CVE-2008-1628). The updated packages have been patched to correct this issue.
FreeBSD : xchat remotely exploitable buffer overflow (Socks5) (8338a20f-9573-11d8-9366-0020ed76ef5a)
A straightforward stack-based buffer overflow exists in XChat's Socks5 proxy support. The XChat developers report that 'tsifra' discovered this issue. NOTE: XChat Socks5 support is disabled by default in the FreeBSD Ports Collection.
Stack overflow
Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist .xpl file...