4305 matches found
Adobe Illustrator EPS File DSC Comment Buffer Overflow
Added: 01/20/2010 CVE: CVE-2009-4195 BID: 37192 OSVDB: 60632 Background Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PD...
Novell iPrint Client ienipp.ocx target-frame buffer overflow
Added: 01/12/2010 CVE: CVE-2009-1568 BID: 37242 OSVDB: 60803 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow in ienipp.ocx allows command...
Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow
Added: 11/06/2009 CVE: CVE-2009-3867 BID: 36881 OSVDB: 59711 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...
Novell Client NetIdentity Agent XTIERRPCPIPE pointer dereference vulnerability
Added: 07/24/2009 CVE: CVE-2009-1350 BID: 34400 OSVDB: 53351 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem A vulnerability in the xtagent.exe program allows remote, authenticated attackers to execute arbitrary commands by sending a specially crafted...
Unisys Business Information Server mnet.exe buffer overflow
Added: 06/30/2009 CVE: CVE-2009-1628 BID: 35494 OSVDB: 55435 Background The Unisys Business Information Server is an information management solution which provides data access across an enterprise. It includes the mnet.exe program which listens for connections on ports 3985/TCP and 3986/TCP...
Novell GroupWise Internet Agent e-mail address buffer overflow
Added: 06/05/2009 CVE: CVE-2009-1636 BID: 35064 OSVDB: 54645 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address ...
Microsoft DirectX DirectShow QuickTime movie parsing vulnerability
Added: 06/03/2009 CVE: CVE-2009-1537 BID: 35139 OSVDB: 54797 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A command execution...
Microsoft PowerPoint Legacy File Format Master Page buffer overflow
Added: 05/14/2009 CVE: CVE-2009-1137 BID: 34876 OSVDB: 54381 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in the Legacy File Format conversion filter PP4X322.dll allows command execution when a use...
Microsoft PowerPoint invalid object reference vulnerability
Added: 04/20/2009 CVE: CVE-2009-0556 BID: 34351 OSVDB: 53182 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability in Microsoft PowerPoint allows command execution when an invalid object is referenced...
Microsoft Works WkImgSrv.dll ActiveX Control WksPictureInterface vulnerability
Added: 01/08/2009 CVE: CVE-2008-1898 BID: 28820 OSVDB: 44458 Background Microsoft Works is a suite of productivity tools for home users. Problem The WkImgSrv.dll ActiveX control included in Microsoft Works allows command execution when a user loads a web page which instantiates the control with a...
Mozilla Firefox UTF-8 URL buffer overflow
Added: 12/31/2008 CVE: CVE-2008-0016 BID: 31397 OSVDB: 48780 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A buffer overflow vulnerability in Mozilla Firefox allows command execution when a user follows a link to a specially crafted UTF-8 URL...
Windows search-ms protocol handler command execution vulnerability
Added: 12/11/2008 CVE: CVE-2008-4269 BID: 32652 OSVDB: 50566 Background The search-ms protocol allows applications to query the Windows Search index. Problem A vulnerability in Windows allows command execution when a user follows a specially crafted search-ms URL which passes arbitrary arguments ...
Trend Micro OfficeScan CGI programs POST request buffer overflow
Added: 10/31/2008 CVE: CVE-2008-3862 BID: 31859 OSVDB: 49275 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending specially crafted HTTP POST requests ...
Microsoft Excel formula parsing integer overflow
Added: 10/24/2008 CVE: CVE-2008-4019 BID: 31706 OSVDB: 49078 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem An integer overflow in the REPT function allows command execution when a user loads an Exc...
Microsoft Rich Textbox ActiveX control SaveFile vulnerability
Added: 10/07/2008 CVE: CVE-2008-0237 BID: 27201 OSVDB: 40234 Background Microsoft Rich Textbox is an ActiveX control which comes with Visual Basic and allows creation of formatted text in RTF files. It is located in the Richtx32.ocx file. Problem The SaveFile method in the Rich Textbox ActiveX...
Trend Micro OfficeScan cgiRecvFile.exe ComputerName buffer overflow
Added: 09/23/2008 CVE: CVE-2008-2437 BID: 31139 OSVDB: 48024 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in cgiRecvFile.exe allows remote attackers to execute arbitrary commands by sending an HTTP request...
Windows Media Encoder 9 wmex.dll ActiveX buffer overflow
Added: 09/09/2008 CVE: CVE-2008-3008 BID: 31065 OSVDB: 47962 Background Windows Media Encoder is a tool for content producers to capture and compress audio and video content. Windows Media Encoder 9 installs the wmex.dll ActiveX control. Problem A buffer overflow vulnerability in the wmex.dll...
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
Added: 07/30/2008 CVE: CVE-2007-0774 BID: 22791 OSVDB: 33855 Background Apache Tomcat is a Java web application platform which can run under various types of web servers. The JK Web Server Connector modjk is used for communication between Tomcat and the web server. Problem A buffer overflow in a...
SNMPc Network Manager SNMP TRAP community string buffer overflow
Added: 07/21/2008 CVE: CVE-2008-2214 BID: 28990 OSVDB: 44885 Background SNMPc Network Manager is a distributed network management and monitoring solution. Problem A buffer overflow vulnerability in SNMPc Network Manager allows remote attackers to execute arbitrary commands by sending an SNMP TRAP...
Microsoft Office Drawing Shapes memory corruption vulnerability
Added: 04/04/2008 CVE: CVE-2008-0118 BID: 28146 OSVDB: 42709 Background Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. Problem A memory corruption vulnerability allows command...
Microsoft Excel conditional formatting vulnerability
Added: 03/14/2008 CVE: CVE-2008-0117 BID: 28170 OSVDB: 42731 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a file...
Trend Micro OfficeScan Policy Server CGI buffer overflow
Added: 03/03/2008 CVE: CVE-2008-1365 BID: 28020 OSVDB: 42500 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by...
Trend Micro OfficeScan Policy Server CGI buffer overflow
Added: 03/03/2008 CVE: CVE-2008-1365 BID: 28020 OSVDB: 42500 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by...
Trend Micro OfficeScan Policy Server CGI buffer overflow
Added: 03/03/2008 CVE: CVE-2008-1365 BID: 28020 OSVDB: 42500 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by...
Microsoft Works File Converter index table vulnerability
Added: 02/22/2008 CVE: CVE-2008-0105 BID: 27658 OSVDB: 41458 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows arbitrary command execution when a user opens a .w...
MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow
Added: 12/03/2007 CVE: CVE-2007-3999 BID: 25534 OSVDB: 37324 Background Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol. Problem A buffer overflow in the svcauthgssvalidate...
QuickTime PICT image UncompressedQuickTimeData buffer overflow
Added: 11/19/2007 CVE: CVE-2007-4672 BID: 26344 OSVDB: 38547 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow vulnerability in QuickTime allows command execution when a user opens a specially crafted PICT image containing an invalid...
Symantec Norton NavComUI ActiveX control vulnerability
Added: 09/20/2007 CVE: CVE-2007-2955 BID: 24983 OSVDB: 36477 Background The Symantec Norton product suite includes antivirus, firewall, and other security functions. Problem Vulnerabilities in the AxSysListView32 and AxSysListView32OAA ActiveX controls, implemented by the NavComUI.dll library...
Trend Micro ServerProtect RPC NTF_SetPagerNotifyConfig buffer overflow
Added: 08/23/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39754 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in the NTFSetPagerNotifyConfig function within the Notification.dll library allows remote attackers to execute arbitrary commands by sending a specially...
Solaris loadable kernel module directory traversal
Added: 06/22/2007 CVE: CVE-2004-1767 BID: 9477 OSVDB: 15128 Background Loadable kernel modules are programs which can be dynamically loaded into the kernel. Problem A directory traversal vulnerability in the vfsgetvfssw function in the Solaris kernel allows unprivileged users to load their own...
Internet Explorer Content Advisor memory corruption
Added: 06/20/2007 CVE: CVE-2005-0555 BID: 13117 OSVDB: 15466 Background The Content Advisor is used to control what content is viewable in Internet Explorer. Problem A memory corruption vulnerability in the Content Advisor allows command execution when a user loads a specially crafted page in...
Microsoft Step-by-Step Interactive Training bookmark buffer overflow
Added: 05/04/2007 CVE: CVE-2006-3448 BID: 22484 OSVDB: 31883 Background Microsoft Step-by-Step Interactive Training is the engine used by various training programs. Problem A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially...
System V login argument array buffer overflow
Added: 03/30/2007 CVE: CVE-2001-0797 BID: 3681 OSVDB: 690 Background The login program is used by various applications for authentication to the system. Problem The login program dervied from System V is affected by a buffer overflow vulnerability when processing a long argument array. A remote...
snmpXdmid buffer overflow
Added: 03/12/2007 CVE: CVE-2001-0236 BID: 2417 OSVDB: 546 Background The SNMP to DMI mapper daemon snmpXdmid translates Simple Network Management Protocol SNMP events to Desktop Management Interface DMI indications and vice-versa. Problem snmpXdmid is affected by a buffer overflow vulnerability...
Trend Micro OfficeScan client ActiveX control buffer overflow
Added: 02/21/2007 CVE: CVE-2007-0325 BID: 22585 OSVDB: 33040 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem The OfficeScan Web-Deployment SetupINICtrl ActiveX control, which is vulnerable to buffer overflows in multiple methods, is...
Microsoft PowerPoint NamedShows record code execution
Added: 10/12/2006 CVE: CVE-2006-4694 BID: 20226 OSVDB: 29259 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem Improper handling of malformed NamedShows records in PowerPoint files allows command execution. Resolution Apply the patch...
Windows RASMAN registry corruption vulnerability
Added: 07/28/2006 CVE: CVE-2006-2371 BID: 18358 OSVDB: 26436 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. The Remote Access Connection Manager RASMAN service handles the detail...
Computer Associates License Service GCR buffer overflow
Added: 07/28/2006 CVE: CVE-2005-0581 BID: 12705 OSVDB: 14389 Background The License service comes with most Computer Associatesproducts and exchanges license information over ports 10202/tcp and 10203/tcp. Problem A buffer overflow vulnerability in the processing of GCR messages allows remote...
IMail LDAP buffer overflow
Added: 07/06/2006 CVE: CVE-2004-0297 BID: 9682 OSVDB: 3984 Background IMail is an e-mail server for Windows platforms. It includes a service which implements the Lightweight Directory Access Protocol LDAP. Problem A buffer overflow in IMail's LDAP service allows a remote attacker to overwrite the...
Mozilla Firefox GIF processing buffer overflow
Added: 06/09/2006 CVE: CVE-2005-0399 BID: 12881 OSVDB: 14937 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A heap overflow in Mozilla Firefox when processing GIF images with the obsolete Netscape extension 2 allows command execution when a use...
Samba call_trans2open buffer overflow
Added: 06/02/2006 CVE: CVE-2003-0201 BID: 7294 OSVDB: 4469 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A buffer overflow in the calltrans2open function allows anonymous remote attackers t...
SHOUTcast filename format string vulnerability
Added: 05/17/2006 CVE: CVE-2004-1373 BID: 12096 OSVDB: 12585 Background SHOUTcast is a streaming audio server based on Winamp. Problem A format string vulnerability in SHOUTcast allows remote attackers to execute commands by requesting a MP3 filename containing format string characters such as %n...
VERITAS Backup Exec Agent Browser hostname buffer overflow
Added: 04/07/2006 CVE: CVE-2004-1172 BID: 11974 OSVDB: 12418 Background VERITAS Backup Exec for Windows is a data backup and recovery solution. Problem A buffer overflow in the VERITAS Backup Exec Agent Browser allows a remote attacker to execute commands by sending a long, specially crafted...
Internet Explorer COM object instantiation vulnerability
Added: 02/24/2006 CVE: CVE-2005-1990 BID: 14511 OSVDB: 18612 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. Problem Improper instantiation of certain COM objects as ActiveX controls by Internet...
Mozilla Firefox QueryInterface method memory corruption
Added: 02/10/2006 CVE: CVE-2006-0295 BID: 16476 OSVDB: 22893 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A memory corruption in the QueryInterface method of the Location and Navigator objects leads to command execution. Resolution Upgrade to...
Mozilla Firefox QueryInterface method memory corruption
Added: 02/10/2006 CVE: CVE-2006-0295 BID: 16476 OSVDB: 22893 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A memory corruption in the QueryInterface method of the Location and Navigator objects leads to command execution. Resolution Upgrade to...
Citrix Program Neighborhood name buffer overflow
Added: 02/01/2006 CVE: CVE-2005-3652 BID: 15907 OSVDB: 21816 Background Citrix Presentation Server, formerly Citrix MetaFrame, allows applications to be deployed across a network to various client platforms, including Windows, Unix, Macintosh, DOS, and OS/2. The Program Neighborhood Agent running...
Windows WMF handling vulnerability
Added: 12/30/2005 CVE: CVE-2005-4560 BID: 16074 OSVDB: 21987 Background A Windows Metafile WMF image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A flaw in the way specially crafted WMF images are handled can allow arbitrary command executio...
Eudora WorldMail IMAP LIST command buffer overflow
Added: 12/30/2005 CVE: CVE-2005-4267 BID: 15980 OSVDB: 22097 Background Eudora WorldMail is an e-mail server for Windows. Problem A long IMAP command ending with a close brace character could result in a buffer overflow, leading to remote command execution. Resolution Upgrade to a version of Eudo...
VERITAS NetBackup Java Administration Console format string vulnerability
Added: 11/30/2005 CVE: CVE-2005-2715 BID: 15079 OSVDB: 19949 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The bpjava-msvc component of the Java Administration Console in Veritas NetBackup 4.5 through 6.0 is affected by a format string vulnerabilit...