Debian DSA-2936-1 : torque - security update

John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges. %NASLMINLEVEL 70300 C Tenable Network Security,...

[SECURITY] [DSA 2936-1] torque security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2936-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 23, 2014 http://www.debian.org/security/faq -...

CVE-2010-5299

Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function...

Debian Security Advisory DSA 2936-1 (torque - security update)

John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges. OpenVAS Vulnerability Test $Id: deb2936.nasl 67...

CVE-2010-5299

CVE-2010-5299 affects MicroP 0.1.1.1600. A stack-based buffer overflow occurs when processing a .mppl file, which can allow remote attackers to execute arbitrary code. The description notes the overflow may be in the lpFileName parameter of CreateFileA, but the actual overflow is likely caused by...

CVE-2014-3791

CVE-2014-3791 affects Easy File Sharing Web Server (EFS) Web Server, with a stack-based buffer overflow in the SESSIONID cookie handling (UserID) in vfolder.ghp, enabling remote code execution. The Red Hat entry reiterates the same description for EFS Web Server 6.8. Exploitation details are not ...

Mandriva Linux Security Advisory : nagios (MDVSA-2014:089)

Updated nagios packages fix security vulnerability : Stack-based buffer overflow in the cmdsubmitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service segmentati...

GLSA-201405-20 : JBIG-KIT: Denial of Service

The remote host is affected by the vulnerability described in GLSA-201405-20 JBIG-KIT: Denial of Service JBIG-KIT contains a stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c. Impact : A remote attacker could possibly cause a Denial of Service condition via a specially crafte...

CVE-2014-0782 Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier,...

Adobe Illustrator < 16.0.5 / 16.2.0 < 16.2.2 (APSB14-11)

The version of Adobe Illustrator installed on the remote Windows host is prior to 16.0.5, 16.2.2. It is, therefore, affected by a vulnerability as referenced in the APSB14-11 advisory. - Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and 16.2.x before 16.2.2 allows remote...

Yokogawa CS3000 BKESimmgr.exe Buffer Overflow

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Yokogawa CS3000 BKESimmgr.exe Buffer Overflow', 'Description' = %q This module exploits an stack based buffer overflow on Yokogawa...

Debian DSA-2921-1 : xbuffy - security update

Michael Niedermayer discovered a vulnerability in xbuffy, an utility for displaying message count in mailbox and newsgroup accounts. By sending carefully crafted messages to a mail or news account monitored by xbuffy, an attacker can trigger a stack-based buffer overflow, leading to xbuffy crash ...

CVE-2014-0469

The CVE affects xbuffy (Debian patch) with a stack-based buffer overflow exposed via crafted email subjects, enabling remote code execution. Affected: xbuffy before 3.3.bl.3.dfsg-9 (Debian patch). Fix: upgrade to the Debian-fixed versions cited in DSA-2921 (e.g., 3.3.bl.3.dfsg-8+deb6u1, 3.3.bl.3....

[CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload&#40;&#41; Buffer Overflow Remote Code Execution

RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Free Download Manager Vendor URL: www.freedownloadmanager.org Type: Stack-based Buffer Overflow CWE-121 Date found: 2014-02-20 Date published: 2014-02-13 CVSSv2 Score: 9,3...

Debian Security Advisory DSA 2921-1 (xbuffy - security update)

Michael Niedermayer discovered a vulnerability in xbuffy, an utility for displaying message count in mailbox and newsgroup accounts. By sending carefully crafted messages to a mail or news account monitored by xbuffy, an attacker can trigger a stack-based buffer overflow, leading to xbuffy crash ...

DSA-2921-1 xbuffy - security update

Bulletin has no description...

Updated nagios packages fix CVE-2014-1878

Updated nagios packages fix security vulnerability: Stack-based buffer overflow in the cmdsubmitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service segmentatio...

Fedora 19 : jbigkit-2.0-9.fc19 (2014-4960)

This update fixes a stack-based buffer overflow flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Advantech WebAccess Vulnerabilities

OVERVIEW NCCIC/ICS-CERT received a report from the Zero Day Initiative ZDI concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an...

CVE-2013-4290

OpenJPEG is affected by CVE-2013-4290. A stack-based buffer overflow in the OpenJPEG codebase (lib/openjp3d/opj_jp3d_compress.c, bin/jp3d/convert.c, and lib/openjp3d/event.c) can be triggered remotely via unspecified vectors prior to version 1.5.2, potentially leading to arbitrary code execution ...