QuickTime < 7.5 Multiple Vulnerabilities (Windows)

The version of QuickTime installed on the remote Windows host is older than 7.5. Such versions contain several vulnerabilities : - There are two heap-based buffer overflows in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution CVE-2008-1581 a...

QuickTime < 7.5 Multiple Vulnerabilities (Mac OS X)

The version of QuickTime installed on the remote Mac OS X host is older than 7.5. Such versions contain several vulnerabilities : - There is a heap-based buffer overflow in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution CVE-2008-1583. -...

CVE-2008-2573

The CVE-2008-2573 issue affects freeSSHd 1.2.1, where a stack-based buffer overflow in SFTP can be triggered by a long directory name in an SSH_FXP_OPENDIR (opendir) request. Exploitation requires remote access with valid authentication and occurs over the network; successful exploitation could a...

CVE-2008-2573

Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSHFXPOPENDIR aka opendir command...

Integer overflow

Integer overflow in Borland Interbase 2007 SP2 8.1.0.256 allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467...

CVE-2008-2559

CVE-2008-2559 concerns Borland Interbase 2007 SP2 (8.1.0.256). The issue is an integer/stack overflow triggered by a malformed packet sent to TCP port 3050, allowing remote attackers to execute arbitrary code with the service’s privileges. The vulnerability affects the InterBase server; CORE-2008...

CVE-2008-2559

Integer overflow in Borland Interbase 2007 SP2 8.1.0.256 allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467...

Stack overflow

Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x aka /uninstall option. NOTE: this issue might cross privilege boundaries if msiexec.exe is...

CVE-2008-2548

Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption...

CVE-2008-2426

The CVE-2008-2426 issue affects Imlib2 (imlib2) 1.4.0, where two stack-based buffer overflows in image loaders can be triggered by specially crafted PNM or XPM images. The loader_pnm.c and loader_xpm.c paths are implicated, potentially causing a crash (DoS) or arbitrary code execution upon user-a...

Now SMS/MMS Gateway < 2008.02.22 Multiple Remote Overflows

The remote host is running Now SMS/MMS Gateway, a tool for connecting to SMS and/or MMS messaging providers and managing GSM modems. The web interface component of the version of Now SMS/MMS Gateway installed on the remote host contains a stack-based buffer overflow that can be triggered using a...

Stack overflow

Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in 1 Power Audio CD Grabber 1.0, 2 Power Audio CD Burner 1.02, 3 CinematicMP3 1.4.0.0, 4 Alive MP3 WAV Converter 3.9.3.2, and possibly other...

CVE-2008-2499

Stack-based buffer overflow in the Community Services Multiplexer aka MUX or StMux.exe in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL...

CVE-2008-2499

The CVE-2008-2499 issue is a stack-based buffer overflow in IBM Lotus Sametime’s Community Services Multiplexer (STMux.exe). The vulnerability arises from inadequate bounds-checking while parsing long URLs, allowing a remote attacker to cause arbitrary code execution. Affected products include IB...

CVE-2008-0955

The CVE-2008-0955 issue is a stack-based buffer overflow in the Creative Labs AutoUpdate Engine ActiveX CTSUEng.ocx , triggered by a long CacheFolder property value. A remote attacker could execute arbitrary code by enticing a user to a malicious page. Connected sources confirm the vulnerability ...

Stack overflow

Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdrrwsstring function...

CVE-2008-2357

CVE-2008-2357 affects mtr prior to version 0.73, where a stack-based buffer overflow in split_redraw (split.c) can be triggered by a crafted DNS PTR record when using -p. Several OpenVAS/Nessus entries link this to multiple distributions (e.g., SUSE/OpenSUSE, Gentoo GLSA, Slackware SSA) and refer...

CVE-2008-2357

Stack-based buffer overflow in the splitredraw function in split.c in mtr before 0.73, when invoked with the -p aka --split option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the nsnamentop function in...

CVE-2008-2357

Stack-based buffer overflow in the splitredraw function in split.c in mtr before 0.73, when invoked with the -p aka --split option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the nsnamentop function in...

CVE-2008-2214

Castle Rock Computing SNMPc Network Manager is affected by a stack-based buffer overflow when a long SNMP TRAP community string is sent. The vulnerability exists in SNMPc 7.1 and earlier and can allow remote attackers to crash the service or run arbitrary code (often with SYSTEM-level privileges)...