Wireshark DECT Dissector PCAP File Processing Overflow

Added: 10/11/2011 CVE: CVE-2011-1591 BID: 47392 OSVDB: 71848 Background Wireshark is a network packet analyzer. Problem A buffer overflow vulnerability in the DECT dissector epan/dissectors/packet-dect.c allows command execution via a specially crafted .pcap file. Resolution Upgrade to Wireshark...

EMC Autostart ftAgent Overflow

Added: 09/19/2011 CVE: CVE-2011-2735 BID: 49238 OSVDB: 74597 Background EMC AutoStart is a cross-platform high-availability clustering solution. Problem The Agent Service of EMC AutoStart listens on TCP port 8045 and is vulnerable to a heap overflow when parsing malformed messages with opcode 0x1...

VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow

Added: 05/26/2011 CVE: CVE-2011-1574 OSVDB: 72143 Background VideoLAN VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC media player is vulnerable to a stack buffer overflow because the ReadS3M function in libmodplug fails to properl...

CA Total Defense UNCWS DeleteReports SQL Injection

Added: 05/12/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...

DATAC RealWin SCADA Server TAG function stack overflow

Added: 04/20/2011 CVE: CVE-2011-1563 BID: 46937 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially...

Adobe Reader Flash AVM2 Memory Corruption

Added: 03/30/2011 CVE: CVE-2011-0609 BID: 46860 OSVDB: 71254 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Updat...

Microsoft WMI Administrative Tools ActiveX Control AddContextRef vulnerability

Added: 01/07/2011 CVE: CVE-2010-3973 BID: 45546 OSVDB: 69942 Background Microsoft WMI Administrative Tools is a tool suite containing WMI CIM Studio, WMI Object Browser, WMI Event Registration Tool, and WMI Event Viewer. Problem A vulnerability in the WMI Object Viewer ActiveX control...

Adobe Flash Player Flash Content Parsing Code Execution

Added: 11/16/2010 CVE: CVE-2010-3654 BID: 44504 OSVDB: 68932 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Apply...

DATAC RealWin SCADA Server SCPC_INITIALIZE buffer overflow

Added: 11/08/2010 CVE: CVE-2010-4142 BID: 44150 OSVDB: 68812 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

Microsoft Office Excel RTD Topic String Buffer Overflow

Added: 10/20/2010 CVE: CVE-2010-1246 BID: 40524 OSVDB: 65238 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Office Excel 2002 is vulnerable to a buffer overflow when parsing Real Time Data RTD Future...

HP Data Protector Express DtbClsLogin function buffer overflow

Added: 10/07/2010 CVE: CVE-2010-3007 BID: 43105 OSVDB: 67973 Background HP Data Protector Express is a backup and recovery solution for single machines and small networks. Problem A buffer overflow vulnerability in dpwindtb.dll in the DtbClsLogin function allows remote attackers to execute...

ARP Spoof

Added: 08/23/2010 Background The Address Resolution Protocol ARP is used to resolve IP addresses into the hardware addresses which are used for delivering packets on a local network. Problem It is possible to send a computer a forged ARP reply, which is then stored in that computer's cache. This...

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

Apple Safari parent.close() Invalid Pointer Code Execution

Added: 05/28/2010 CVE: CVE-2010-1939 BID: 39990 OSVDB: 64482 Background Safari is a web browser for Mac OS X and Windows. Problem Apple Safari 4.0.5 for Windows and probably earlier allows remote attackers to execute arbitrary code by enticing the user to open a crafted HTML document. The crafted...

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 CVE: CVE-2010-0557 BID: 38084 OSVDB: 62118 Background IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

Internet Explorer Tabular Data Control DataURL memory corruption

Added: 04/22/2010 CVE: CVE-2010-0805 BID: 39025 OSVDB: 63329 Background Tabular Data Control is an ActiveX control which can be used to display data from a delimited text file. Problem A memory corruption vulnerability allows command execution when a user loads a web page which invokes Tabular Da...

Windows Media Unicast Service transport information packet buffer overflow

Added: 04/14/2010 CVE: CVE-2010-0478 Background The Windows Media Unicast Service is the part of Windows Media Services which allows streaming media to be sent to a specific user. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially...

Nagios statuswml.cgi Command Injection

Added: 04/13/2010 CVE: CVE-2009-2288 BID: 35464 OSVDB: 55281 Background Nagios is a network host and service monitoring and management system. Problem The Nagios statuswml.cgi script passes unsanitized data to the ping and traceroute commands, resulting in shell command execution via...

Internet Explorer Eventparam use-after-free vulnerability

Added: 01/20/2010 CVE: CVE-2010-0249 BID: 37815 OSVDB: 61697 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A vulnerability in the Eventparam function can cause Internet Explorer's HTML engine to access memory that has already be...

Adobe Reader media.newPlayer Use-After-Free Code Execution

Added: 12/23/2009 CVE: CVE-2009-4324 BID: 37331 OSVDB: 60980 Background Adobe Reader is free software for viewing PDF documents. Problem This issue is caused by a use-after-free error within the "Doc.Media.newPlayer" JavaScript function, which could be exploited by attackers to execute arbitrary...

Adobe Reader media.newPlayer Use-After-Free Code Execution

Added: 12/23/2009 CVE: CVE-2009-4324 BID: 37331 OSVDB: 60980 Background Adobe Reader is free software for viewing PDF documents. Problem This issue is caused by a use-after-free error within the "Doc.Media.newPlayer" JavaScript function, which could be exploited by attackers to execute arbitrary...

Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution

Added: 11/20/2009 CVE: CVE-2009-2997 BID: 36638 OSVDB: 58926 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

Adobe Reader FlateDecode filter TIFF Predictor integer overflow

Added: 10/27/2009 CVE: CVE-2009-3459 BID: 36600 OSVDB: 58729 Background Adobe Reader is free software for viewing PDF documents. Problem An integer overflow in the FlateDecode filter in Adobe Reader allows command execution when a user opens a PDF file containing specially crafted compressed...

Microsoft Excel BIFF format Qsir record memory corruption

Added: 09/11/2009 CVE: CVE-2009-1134 BID: 35246 OSVDB: 54958 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability allows command execution when a user closes a spreadshee...

Oracle Secure Backup login.php ora_osb_lcookie command execution

Added: 06/22/2009 CVE: CVE-2008-4006 BID: 33177 OSVDB: 51343 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

Adobe Reader Javascript API getAnnots method vulnerability

Added: 05/29/2009 CVE: CVE-2009-1492 BID: 34736 OSVDB: 54130 Background Adobe Reader is free software for viewing PDF documents. Problem A vulnerability in the Javascript API allows command execution when a user opens a PDF file which calls the getAnnots method with specially crafted arguments...

Symantec Alert Management System Intel Alert Originator Service msgsys.exe buffer overflow

Added: 05/05/2009 CVE: CVE-2009-1430 BID: 34674 OSVDB: 54159 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel Alert Originator IAO service is a component of AMS2. The msgsys.exe process is a preprocessor for the IAO service and listens on TCP...

Fujitsu SystemcastWizard Lite PXE service buffer overflow

Added: 03/03/2009 CVE: CVE-2009-0270 BID: 33342 OSVDB: 51486 Background SystemcastWizard Lite is support software for the setup of Primequest systems. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted datagram to the...

Adobe Reader JBIG2 image stream buffer overflow

Added: 02/27/2009 CVE: CVE-2009-0658 BID: 33751 OSVDB: 52073 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a special...

Oracle Database OLAP component ODCITABLESTART buffer overflow

Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...

Mozilla Firefox UTF-8 URL buffer overflow

Added: 12/31/2008 CVE: CVE-2008-0016 BID: 31397 OSVDB: 48780 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A buffer overflow vulnerability in Mozilla Firefox allows command execution when a user follows a link to a specially crafted UTF-8 URL...

Microsoft Excel TXO and OBJ record parsing memory corruption

Added: 12/18/2008 CVE: CVE-2008-4265 BID: 32618 OSVDB: 50556 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability allows command execution when a user opens an Excel...

Microsoft Excel TXO and OBJ record parsing memory corruption

Added: 12/18/2008 CVE: CVE-2008-4265 BID: 32618 OSVDB: 50556 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability allows command execution when a user opens an Excel...

Microsoft Excel formula parsing integer overflow

Added: 10/24/2008 CVE: CVE-2008-4019 BID: 31706 OSVDB: 49078 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem An integer overflow in the REPT function allows command execution when a user loads an Exc...

Novell Client nwspool.dll EnumPrinters buffer overflow

Added: 02/22/2008 CVE: CVE-2008-0639 BID: 27741 OSVDB: 41510 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by a buffer overflow in the EnumPrinters function, allowing remote attackers to execute...

Oracle XDB component PITRIG_TRUNCATE buffer overflow

Added: 02/01/2008 CVE: CVE-2008-0339 BID: 27229 OSVDB: 40300 Background The PITRIGTRUNCATE function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGTRUNCATE function allows remote, authenticated attackers to...

Adobe Flash Player ActionScript launch command execution

Added: 01/07/2008 CVE: CVE-2008-5499 BID: 32896 OSVDB: 50796 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell...

Trend Micro ServerProtect RPCFN_CMON_SetSvcImpersonateUser buffer overflow

Added: 12/28/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39752 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow in the ServerProtect service allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request which is...

Samba lsa_io_trans_names buffer overflow

Added: 12/24/2007 CVE: CVE-2007-2446 BID: 24195 OSVDB: 34699 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in the LSA RPC interface allows a remote attacker to execute...

BrightStor ARCserve Message Engine opnum 0x10d buffer overflow

Added: 10/18/2007 CVE: CVE-2007-5327 BID: 26015 OSVDB: 41369 Background CA ARCserve Bac kup formerly BrightStor ARCserve Backup is a backup and recovery solution. It runs a Message Engine RPC service on port 6504/TCP by default. Problem A buffer overflow in BrightStor ARCserve Backup allows remot...

Windows MDAC RDS.Dataspace ActiveX control vulnerability

Added: 07/16/2007 CVE: CVE-2006-0003 BID: 17462 OSVDB: 24517 Background Microsoft Data Access Components MDAC enable Universal Data Access in Windows applications deployed over a network. Problem A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command...

Internet Explorer Content Advisor memory corruption

Added: 06/20/2007 CVE: CVE-2005-0555 BID: 13117 OSVDB: 15466 Background The Content Advisor is used to control what content is viewable in Internet Explorer. Problem A memory corruption vulnerability in the Content Advisor allows command execution when a user loads a specially crafted page in...

Trend Micro ServerProtect CMON_ActiveUpdate buffer overflow

Added: 06/18/2007 CVE: CVE-2007-1070 BID: 22639 OSVDB: 33042 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the CMONActiveUpdate and CMONActiveRollback functions allows remote attackers to execute arbitrary commands by sending a...

Microsoft Excel Named Graph record buffer overflow

Added: 05/24/2007 CVE: CVE-2007-0215 BID: 23760 OSVDB: 34393 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a speciall...

System V login argument array buffer overflow

Added: 03/30/2007 CVE: CVE-2001-0797 BID: 3681 OSVDB: 690 Background The login program is used by various applications for authentication to the system. Problem The login program dervied from System V is affected by a buffer overflow vulnerability when processing a long argument array. A remote...

snmpXdmid buffer overflow

Added: 03/12/2007 CVE: CVE-2001-0236 BID: 2417 OSVDB: 546 Background The SNMP to DMI mapper daemon snmpXdmid translates Simple Network Management Protocol SNMP events to Desktop Management Interface DMI indications and vice-versa. Problem snmpXdmid is affected by a buffer overflow vulnerability...

Solaris telnetd authentication bypass

Added: 02/16/2007 CVE: CVE-2007-0882 BID: 22512 OSVDB: 31881 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program in Solaris 10 and 11...

Solaris telnetd authentication bypass

Added: 02/16/2007 CVE: CVE-2007-0882 BID: 22512 OSVDB: 31881 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program in Solaris 10 and 11...

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...

3Com TFTP server Transporting Mode buffer overflow

Added: 12/08/2006 CVE: CVE-2006-6183 BID: 21301 OSVDB: 30758 Background 3CTftpSvc by 3Com is a freeware implementation of the TFTP protocol for Windows. Problem A buffer overflow vulnerability in the 3Com TFTP server allows remote attackers to execute arbitrary commands by sending a long, special...