CVE-2026-25210

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...

CVE-2025-44952

A missing length check in ogspfcpsubnetadd function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the session.dnn field with a value with length greater than 101...

Redis Buffer Overflow Vulnerability (GHSA-5453-q98w-cmvm)

Redis is prone to a stack-based buffer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if...

RemShutdown 2.9.0.0 - Name Denial of Service (PoC)

RemShutdown 2.9.0.0 - Name Denial of Service PoC Exploit Title: RemShutdown 2.9.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested o...

mcrypt 2.6.8 - Stack Buffer Overflow (PoC)

mcrypt 2.6.8 - Stack Buffer Overflow PoC !/usr/bin/env python mcrypt = 2.6.8 stack-based buffer overflow poc http://mcrypt.sourceforge.net/ the command line tool, not the library date: 2012-09-04 exploit author: ishikawa tested on: ubuntu 12.04.1 tech: it overflows in checkfilehead when decryptin...

PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities

source: https://www.securityfocus.com/bid/28986/info PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. Successfully exploiting these issues will allow an attacker to...

Novell eDirectory 9.0 - DHost Remote Buffer Overflow

Novell eDirectory 9.0 - DHost Remote Buffer Overflow / . \ \ \ \ | | / | | | | \ / / /\ \ / \ | \ / / / / 30\10\06 / || / / mm. dM8 YMMMb. dMM8 YMMMMb dMMM' YMMMb dMMMP There are doors I have yet to open YMMM MMM' windows I have yet to look through "MbdMP Going forward may not be the answer...

UNIX 7th Edition binmkdir - Local Buffer Overflow

UNIX 7th Edition binmkdir - Local Buffer Overflow / Exploit for /bin/mkdir Unix V7 PDP-11. mkdir has a buffer overflow when checking if the directory in /arg/with/slashes/fname exists. This will run /bin/sh with euid 0, but not uid 0. Since the shell doesn't do anything special about this, we don...

SuSE Security Announcement: lprold

-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: lprold Announcement-ID: SuSE-SA:2001:033 Date: Wed Oct 10 11:03:12 GMT 2001 Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1, 7.2 Vulnerability Type: bufferoverflow/local privilege escalation Severity 1-10: 6 SuSE default...

@stake Advisory: IIS 4.0/5.0 Phone Book server buffer overrun (A120400-1)

@stake, Inc. www.atstake.com Security Advisory Advisory Name: IIS 4.0/5.0 Phone Book server buffer overrun Release Date: 12/04/2000 Application: Microsoft's Phone Book Server on IIS 4.0, 5.0 Platform: Windows NT 4.0, Windows 2000 Severity: A buffer overflow conditions exists in pbserver.dll that...

New Solaris root exploit for /usr/lib/lp/bin/netpr

Word on the street is that others have noticed this hole, so here goes. Have you noticed how many holes have been discovered in the printing system on Solaris? The netpr program is no exception. Included with this message are two exploits I wrote in 1999, one for SPARC versions of Solaris and the...

ps_expl.sh

--- psexpl.sh: cut here --- !/bin/sh Exploit for Solaris 2.5.1 /usr/bin/ps J. Zbiciak, 5/18/97 change as appropriate CC=gcc Build the "replacement message" :- cat psexpl.po psexpl.c include include include define BUFLENGTH 632 define EXTRA 256 int mainint argc, char argv char bufBUFLENGTH + EXTRA...

RedHat Linux 5.1 - xosview

// source: https://www.securityfocus.com/bid/362/info xosview is an X11 system monitoring application that ships with RedHat 5.1 installed setuid root. A buffer overflow vulnerability was found in Xrm.cc, the offending code listed below: char userrfilename1024; strcpyuserrfilename, getenv"HOME";...

SGI IRIX 6.2 - 'eject' Local Privilege Escalation (2)

// source: https://www.securityfocus.com/bid/351/info A vulnerability exists in the eject program shipped with Irix 6.2 from Silicon Graphics. By supplying a long argument to the eject program, it is possible to overwrite the return address on the stack, and execute arbitrary code as root. Eject ...

Solaris 2.5.1 - 'chkey' Local Privilege Escalation

/ source: https://www.securityfocus.com/bid/207/info The chkey program is used to change a users secure RPC Diffie-Hellman public key and secret key pair. A buffer overflow condition has been found in the chkey program. Since chkey has setuid root permissions, an unauthorized user may be able to...