Foxit Reader Crafted PDF Title Handling Stack Buffer Overflow

Added: 11/22/2010 OSVDB: 68648 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader for Windows is vulnerable to a stack buffer overflow which could allow execution of arbitrary code. A remote attacker can exploit this vulnerability by enticing a user t...

Oracle Secure Backup Administration selector parameter command injection

Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...

IBM Tivoli Storage Manager FastBack Mount Service Code Execution

Added: 10/18/2010 CVE: CVE-2010-3058 BID: 42549 OSVDB: 67292 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. TSM includes FastBack, which provides a client/server backup solution for the MS Windows environment. FastBack...

Microsoft Office Word RTF Parsing Engine Memory Corruption

Added: 08/12/2010 CVE: CVE-2010-1901 BID: 42132 OSVDB: 66995 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem Microsoft Office Word does not perform sufficient data validation when handling rich text data. When Wo...

Microsoft Excel DBQueryExt record parsing vulnerability

Added: 07/08/2010 CVE: CVE-2010-1253 BID: 40531 OSVDB: 65228 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a spreadshee...

HP OpenView Network Node Manager snmpviewer.exe CGI Stack Buffer Overflow

Added: 07/01/2010 CVE: CVE-2010-1552 BID: 40068 OSVDB: 64975 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability in HP Openview NNM allows remote attackers to execute arbitrary commands by sending...

Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow

Added: 05/19/2010 CVE: CVE-2010-0265 BID: 38515 OSVDB: 62811 Background Windows Movie Maker is software for creating and editing home movies. Problem A buffer overflow vulnerability in the IsValidWMToolsStream function allows command execution when a user opens a specially crafted .MSWMM file...

Microsoft Visio DXF file insertion buffer overflow

Added: 05/07/2010 CVE: CVE-2010-1681 BID: 39836 Background Microsoft Visio is a component of the Microsoft Office suite which provides the capability to produce diagrams. Problem A buffer overflow vulnerability allows command execution when a user inserts a specially crafted DXF file into a Visio...

Sun Java Web Start command-line argument injection

Added: 04/20/2010 CVE: CVE-2010-0886 BID: 39492 OSVDB: 63798 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A vulnerability in Sun Java Web Start allows execution of arbitrary commands which are...

Internet Explorer Eventparam use-after-free vulnerability

Added: 01/20/2010 CVE: CVE-2010-0249 BID: 37815 OSVDB: 61697 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A vulnerability in the Eventparam function can cause Internet Explorer's HTML engine to access memory that has already be...

Safari WebKit floating point number buffer overflow

Added: 09/16/2009 CVE: CVE-2009-2195 BID: 36023 OSVDB: 56988 Background Safari is a web browser for Mac OS X and Windows. Safari is built upon the WebKit browser engine. Problem A buffer overflow vulnerability in WebKit allows command execution when a user loads a page which contains a specially...

MS Office Word malformed Sprm record buffer overflow

Added: 08/05/2009 CVE: CVE-2009-0565 BID: 35190 OSVDB: 54960 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow in Microsoft Office Word allows remote command execution when a specially crafted Wor...

Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability

Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...

Microsoft PowerPoint 2000 CurrentUserAtom buffer overflow

Added: 05/21/2009 CVE: CVE-2009-1131 BID: 34841 OSVDB: 54393 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in Microsoft PowerPoint allows command execution when a user opens a presentation containin...

Microsoft PowerPoint Legacy File Format Printer driver buffer overflow

Added: 05/14/2009 CVE: CVE-2009-0227 BID: 34882 OSVDB: 54384 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in the Legacy File Format conversion filter PP4X322.dll allows command execution when a use...

Tivoli Storage Manager heap corruption

Added: 03/12/2009 CVE: CVE-2008-4563 BID: 34077 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. Problem A heap overflow allows remote attackers to execute arbitrary commands. Resolution Apply the workaround or solution...

Oracle Database OLAP component ODCITABLESTART buffer overflow

Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...

HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow

Added: 01/14/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the getcvdata.exe C...

Computer Associates License Service invalid command buffer overflow

Added: 12/24/2008 CVE: CVE-2005-0581 BID: 12705 OSVDB: 14389 Background The License service comes with most Computer Associatesproducts and exchanges license information over ports 10202/tcp and 10203/tcp. Problem A buffer overflow vulnerability allows a remote attacker to execute arbitrary...

GoodTech SSH Server SFTP buffer overflow

Added: 11/28/2008 CVE: CVE-2008-4726 BID: 31879 OSVDB: 49249 Background GoodTech SSH Server is an SSH Server providing secure remote console, secure file transfer, and secure port forwarding capabilities for Windows platforms. Problem Buffer overflow vulnerabilities in GoodTech SSH Server allow...

Trend Micro OfficeScan cgiRecvFile.exe ComputerName buffer overflow

Added: 09/23/2008 CVE: CVE-2008-2437 BID: 31139 OSVDB: 48024 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in cgiRecvFile.exe allows remote attackers to execute arbitrary commands by sending an HTTP request...

CoolPlayer m3u playlist processing filename buffer overflow

Added: 08/13/2008 CVE: CVE-2008-3408 BID: 30418 OSVDB: 47194 Background CoolPlayer is a free audio player for Windows platforms. Problem A buffer overflow vulnerability in CoolPlayer allows command execution when a user opens an m3u playlist file containing a specially crafted filename. Resolutio...

CA ARCserve Backup xdr_rwsstring buffer overflow

Added: 05/27/2008 CVE: CVE-2008-2242 BID: 29283 OSVDB: 45368 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. It runs several services which use the SUN Remote Procedure Call SUN-RPC protocol. SUN-RPC messages are defined using the External Data...

Motorola Timbuktu login request buffer overflow

Added: 05/15/2008 CVE: CVE-2007-4221 BID: 25454 OSVDB: 40124 Background Motorola Timbuktu is remote control software for Windows and Mac. It runs a service which listens for connections on port 407/TCP or 407/UDP. Problem A buffer overflow vulnerability when processing login requests allows remot...

Informix Dynamic Server sqlexec password argument buffer overflow

Added: 05/09/2008 CVE: CVE-2008-0727 BID: 28198 OSVDB: 42701 Background Informix Dynamic Server is a database solution from IBM. The oninit.exe process listens for connections on port 1526/TCP. Problem The oninit.exe process does not sufficiently check the length of command-line arguments passed ...

HP Openview Network Node Manager Ovalarmsrv buffer overflow

Added: 04/18/2008 CVE: CVE-2008-3544 BID: 28668 OSVDB: 50076 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in the Ovalarmsrv service in Network Node Manager allows remote attackers to execute...

RealNetworks Helix Server RTSP Proxy-Require heap overflow

Added: 03/18/2008 CVE: CVE-2008-5911 BID: 33059 Background RealNetworks Helix Server is a media server supporting multiple formats and platforms. Problem A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted Proxy-Require header i...

Yahoo Music Jukebox MediaGrid ActiveX buffer overflow

Added: 02/11/2008 CVE: CVE-2008-0625 BID: 27578 OSVDB: 41051 Background Yahoo! Music Jukebox is a music player capable of playing, ripping, and burning MP3s and CDs, creating and sharing playlists, streaming radio stations, and purchasing music. Problem A buffer overflow vulnerability in the...

Firebird username buffer overflow

Added: 02/11/2008 CVE: CVE-2008-0467 BID: 27467 OSVDB: 40924 Background Firebird is a freely available relational database which is available for multiple platforms. Problem A buffer overflow vulnerability in Firebird allows remote, unauthenticated attackers to execute arbitrary commands by sendi...

MySQL MaxDB cons.exe command injection

Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...

Lotus Domino Web Access ActiveX control dwa7w.dll buffer overflow

Added: 12/31/2007 CVE: CVE-2007-4474 BID: 26972 OSVDB: 40954 Background Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. Problem A buffer overflow vulnerability in the Lotus Domino Web Access ActiveX control in the dwa7w.dl...

MacroVision InstallShield Update Service isusweb.dll unsafe method

Added: 12/07/2007 CVE: CVE-2007-5660 BID: 26280 OSVDB: 38347 Background MacroVision InstallShield is software for creating installers or software packages. Problem Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page...

MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow

Added: 12/03/2007 CVE: CVE-2007-3999 BID: 25534 OSVDB: 37324 Background Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol. Problem A buffer overflow in the svcauthgssvalidate...

Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007 CVE: CVE-2005-1219 BID: 14214 OSVDB: 17830 Background The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium ICC profiles are used to ensure that colors are represented accurately to users. Problem A buffer...

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

Microsoft Visual Studio PDWizard.ocx ActiveX vulnerability

Added: 09/30/2007 CVE: CVE-2007-4891 BID: 25638 OSVDB: 37106 Background Microsoft Visual Studio is a product for facilitating software development on Windows operating systems. Problem ActiveX controls contained in the PDWizard.ocx file in Microsoft Visual Studio 6.0 expose the StartProcess metho...

Microsoft Agent crafted URL vulnerability

Added: 09/11/2007 CVE: CVE-2007-3040 BID: 25566 OSVDB: 36934 Background Microsoft Agent is a component of the Windows operating system designed to make using a computer easier through enriched user interaction. Problem A vulnerability in Microsoft Agent allows command execution when a user loads ...

Snort Back Orifice Pre-Processor buffer overflow

Added: 08/28/2007 CVE: CVE-2005-3252 BID: 15131 OSVDB: 20034 Background Back Orifice is a remote system administration program for Windows. It is commonly installed by attackers or Trojan Horse programs for use as a backdoor. Snort is an open-source intrusion detection system. It includes a Back...

Trend Micro ServerProtect RPC NTF_SetPagerNotifyConfig buffer overflow

Added: 08/23/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39754 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in the NTFSetPagerNotifyConfig function within the Notification.dll library allows remote attackers to execute arbitrary commands by sending a specially...

Novell Client 4.91 SP4 nwspool.dll buffer overflow

Added: 08/10/2007 CVE: CVE-2007-6701 BID: 25092 OSVDB: 37319 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote...

Windows rshd buffer overflow

Added: 08/03/2007 CVE: CVE-2007-4006 BID: 25044 OSVDB: 38572 Background The Windows implementation of RSHD is a remote shell daemon which has been adapted to run on Windows platforms. Problem A buffer overflow vulnerability in the Windows implementation of RSHD allows remote attackers to execute...

Ipswitch IMail IMAP SUBSCRIBE command buffer overflow

Added: 08/02/2007 CVE: CVE-2007-3927 BID: 24962 OSVDB: 36222 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command...

Snort DCE/RPC preprocessor buffer overflow

Added: 07/09/2007 CVE: CVE-2006-5276 BID: 22616 OSVDB: 32094 Background Snort is an open-source intrusion detection system. It includes a DCE/RPC preprocessor, which reassembles DCE/RPC traffic before it is passed to the intrusion detection engine. Problem A buffer overflow vulnerability in the...

RealPlayer SMIL file wallclock buffer overflow

Added: 06/29/2007 CVE: CVE-2007-3410 BID: 24658 OSVDB: 37374 Background RealPlayer includes support for Synchronized Multimedia Integration Language SMIL files. Problem A buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL...

BrightStor ARCserve Media Server SUN RPC buffer overflow

Added: 05/03/2007 CVE: CVE-2007-2139 BID: 23635 OSVDB: 34127 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. ARCserve Media Server is a component which comes with ARCserve Backup. Problem ARCserve Media Server is affected by multiple buffer...

Lotus Domino IMAP CRAM-MD5 authentication buffer overflow

Added: 04/23/2007 CVE: CVE-2007-1675 BID: 23172 OSVDB: 34091 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem A buffer overflow vulnerability in the CRAM-MD5 authentication function in the Lotus Domino IMAP service allows remote attackers to...

SupportSoft tgctlsi.dll ActiveX control buffer overflow

Added: 03/15/2007 CVE: CVE-2006-6490 BID: 22564 OSVDB: 33481 Background SupportSoft ActiveX controls are used by third-party products to provide remote technical support. Problem SupportSoft ActiveX controls are affected by multiple buffer overflow vulnerabilities which can lead to command...

snmpXdmid buffer overflow

Added: 03/12/2007 CVE: CVE-2001-0236 BID: 2417 OSVDB: 546 Background The SNMP to DMI mapper daemon snmpXdmid translates Simple Network Management Protocol SNMP events to Desktop Management Interface DMI indications and vice-versa. Problem snmpXdmid is affected by a buffer overflow vulnerability...

HP Mercury LoadRunner mchan.dll buffer overflow

Added: 02/16/2007 CVE: CVE-2007-0446 BID: 22487 OSVDB: 33132 Background HP Mercury LoadRunner is a load testing solution. Problem A buffer overflow in the mchan.dll library allows remote attackers to execute arbitrary commands by sending a packet with a long serveripname field to port 54345/TCP...

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...