Eaton ELCSoft ELCSimulator Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of network TCP requests by ELCSimulator.exe. A crafted request will cause...

openthread: Stack-buffer-overflow in ot::Coap::Header::FromMessage

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5722785030602752 Project: openthread Fuzzer: aflopenthreadradio-receive-done-fuzzer Fuzz target binary: radio-receive-done-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type:...

UltraISO Stack Buffer Overflow Vulnerability

UltraISO is popular BIN/ISO editing software that allows direct editing of a wide range of image files. A stack buffer overflow vulnerability exists in UltraISO version 9.6.6.3300. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application or cause a...

gdal: Stack-buffer-overflow in nc4_check_name

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=6380982435315712 Project: gdal Fuzzer: libFuzzergdalmitabtabfuzzer Fuzz target binary: mitabtabfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address:...

gdal: Stack-buffer-overflow in CSLAddNameValue

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=4969921421246464 Project: gdal Fuzzer: libFuzzergdalmrffuzzer Fuzz target binary: mrffuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address:...

Important: Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update

An update for qemu-kvm-rhev is now available for RHEV 4.X RHEV-H and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

PHP 7.0.x < 7.0.21, 7.1.x < 7.1.7 Multiple Vulnerabilities (Jul 2017) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP 7.0.x < 7.0.21, 7.1.x < 7.1.7 Multiple Vulnerabilities (Jul 2017) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

ffmpeg: Stack-buffer-overflow in CProgramConfig_LookupElement

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=6752357788418048 Project: ffmpeg Fuzzer: libFuzzerffmpegAVCODECIDLIBFDKAACfuzzer Fuzz target binary: ffmpegAVCODECIDLIBFDKAACfuzzer Job Type: libfuzzerasanffmpeg Platform Id: linux Crash Type:...

PlugX Controller Stack Buffer Overflow

This module exploits a stack buffer overflow in the PlugX Controller C2 server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'PlugX Controller Stack Buffer Overflow',...

Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow

Overview Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3223Dahua IP camera products include an...

CVE-2017-11345

Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RTAC1200GU,...

CVE-2017-11345

CVE-2017-11345 describes a stack buffer overflow in the networkmap component of Asuswrt-Merlin firmware and ASUS firmware for a broad range of ASUS routers (e.g., RT-AC53, RT-AC68U, RT-AC88U, RT-N66U, RT-N12, RT-AC3200, RT-AC3100, etc.). The vulnerability is triggered when a crafted device descri...

PHP < 5.6.28, 7.x < 7.0.13 Multiple Vulnerabilities (Nov 2016) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP < 5.6.28, 7.x < 7.0.13 Multiple Vulnerabilities (Nov 2016) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Internet Bug Bounty: PHP INI Parsing Stack Buffer Overflow Vulnerability

Description: A stack buffer overflow exists in the latest stable release of PHP-7.1.5 and PHP-5.6.30 in PHP INI parsing API, which may accept network / local filesystem input. On malformed inputs, a stack buffer overflow in zendinidoop could write 1-byte off a fixed size stack buffer. On...

gdal: Stack-buffer-overflow in void SwapEndianness<long&, unsigned long>

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=4870022369378304 Project: gdal Fuzzer: aflgdalcadfuzzer Fuzz target binary: cadfuzzer Job Type: aflasangdal Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7f85edf6d128 Crash...

Schneider Electric Wonderware ArchestrA Logger Stack Buffer Overflow Vulnerability

Schneider Electric Wonderware ArchestrA Logger is a logger from Schneider Electric France for use on Schneider equipment. A stack buffer overflow vulnerability exists in Schneider Electric Wonderware ArchestrA Logger 2017.426.2307.1 and earlier versions. A remote attacker could exploit the...

CVE-2017-9225

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...

Microsoft Skype Stack Buffer Overflow Vulnerability

Microsoft Skype is a suite of instant messaging software from the American company Microsoft. A stack buffer overflow vulnerability exists in Microsoft Skype. An attacker could exploit this vulnerability to cause a denial of service software crash and execute code...