4305 matches found
Trend Micro Control Manager AddTask buffer overflow
Added: 01/16/2012 CVE: CVE-2011-5001 BID: 50965 OSVDB: 77585 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A buffer overflow vulnerability in the AddTask function allows remote attackers to execute arbitrary code by sending a speciall...
Hastymail rs parameter command injection
Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...
Microsoft Excel Substream Parsing Integer Overflow
Added: 11/08/2011 CVE: CVE-2011-0097 OSVDB: 71758 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2007 versions lacking the patch KB2464583 detailed in Microsoft Security Advisory...
Microsoft Excel Substream Parsing Integer Overflow
Added: 11/08/2011 CVE: CVE-2011-0097 OSVDB: 71758 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2007 versions lacking the patch KB2464583 detailed in Microsoft Security Advisory...
Symantec IM Manager IMAdminLDAPConfig.asp SQL injection
Added: 10/31/2011 CVE: CVE-2011-0553 BID: 49738 OSVDB: 75984 Background Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...
Citrix Access Gateway NESPA ActiveX Control
Added: 09/13/2011 CVE: CVE-2011-2882 BID: 48676 OSVDB: 74191 Background Citrix Access Gateway is an application remote-access solution. Problem The Citrix Access Gateway installs an ActiveX plug-in on the user's browser. Plug-in versions 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable to a stack...
Adobe Flash Player ActionScript Function Arguments Code Execution
Added: 08/22/2011 CVE: CVE-2011-2110 BID: 48268 OSVDB: 73007 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player ActionScript Engine is vulnerable to an information leak that can be leveraged to execute...
ESTsoft ALZip MIM File Handling Buffer Overflow
Added: 08/09/2011 CVE: CVE-2011-1336 BID: 48493 OSVDB: 73684 Background ESTsoft ALZip is a Windows-based file compression program that can unzip 40 different zip file archives. ALZip can zip files into 8 different archives such as ZIP, EGG, TAR and others. Problem ESTsoft ALZip 8.21 and earlier i...
Oracle Outside In CDR File Parser Stack Buffer Overflow
Added: 08/05/2011 CVE: CVE-2011-2264 BID: 48766 OSVDB: 73912 Background Oracle Outside In is a suite of Software Development Kits SDKs and tools that provide functionality for reading and writing many different file formats. The Outside In SDK is embedded by multiple client and server products th...
McAfee Firewall Reporter isValidClient Authentication Bypass
Added: 06/03/2011 BID: 47306 OSVDB: 71842 Background McAfee Firewall Reporter is an enterprise-class security event management SEM reporting solution. Problem McAfee Firewall Reporter versions 5.1.0.6 through 5.1.0.12 are vulnerable to an authentication bypass that may allow remote attackers to...
Novell ZENworks Asset Management File Upload Traversal
Added: 05/27/2011 CVE: CVE-2010-4229 BID: 47295 OSVDB: 71872 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 10.3 prior to 10.3.2 and version 11 fail to validate the...
BarCodeWiz ActiveX LoadProperties Buffer Overflow
Added: 05/23/2011 CVE: CVE-2010-2932 BID: 42097 OSVDB: 66882 Background BarCodeWiz Barcode ActiveX Control is a tool for generating barcodes in Microsoft Office documents, and for Visual Basic, Visual C++, VB.NET, C, or Delphi developer looking to include barcodes in programs. Problem The...
BarCodeWiz ActiveX LoadProperties Buffer Overflow
Added: 05/23/2011 CVE: CVE-2010-2932 BID: 42097 OSVDB: 66882 Background BarCodeWiz Barcode ActiveX Control is a tool for generating barcodes in Microsoft Office documents, and for Visual Basic, Visual C++, VB.NET, C, or Delphi developer looking to include barcodes in programs. Problem The...
Novell File Reporter Agent XML Parser Buffer Overflow
Added: 05/16/2011 CVE: CVE-2011-0994 BID: 47144 OSVDB: 71980 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where...
HP OpenView Storage Data Protector Backup Client Service GET_FILE Message Processing Overflow
Added: 05/09/2011 CVE: CVE-2011-1729 BID: 47638 OSVDB: 72188 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem A remote code execution vulnerability exists in HP Data Protector Backup Client Service due to a buffer overflow in...
CA Total Defense UNCWS SQL Injection
Added: 05/02/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...
Microsoft Remote Desktop Connection Insecure Library Injection
Added: 03/14/2011 CVE: CVE-2011-0029 BID: 46678 OSVDB: 71014 Background The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer. Problem A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens...
Microsoft Windows Media Player DVR-MS File Code Execution
Added: 03/14/2011 CVE: CVE-2011-0042 BID: 46680 OSVDB: 71016 Background Windows Media Player is an audio and video media player for Windows platforms. Problem A file parsing error in Windows Media Player allows command execution when a user opens a specially crafted Digital Video Recording DVR-MS...
HP OpenView Performance Insight Server Backdoor Account
Added: 03/03/2011 CVE: CVE-2011-0276 BID: 46079 OSVDB: 70754 Background HP OpenView Performance Insight OVPI Server is a management utility that monitors and reports on the performance of services. Problem A backdoor account may allow an attacker to execute arbitrary code on the system. Resolutio...
Microsoft WMI Administrative Tools ActiveX Control AddContextRef vulnerability
Added: 01/07/2011 CVE: CVE-2010-3973 BID: 45546 OSVDB: 69942 Background Microsoft WMI Administrative Tools is a tool suite containing WMI CIM Studio, WMI Object Browser, WMI Event Registration Tool, and WMI Event Viewer. Problem A vulnerability in the WMI Object Viewer ActiveX control...
HP Power Manager formLogin buffer overflow
Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...
Novell iPrint Client ActiveX Control GetDriverSettings buffer overflow
Added: 11/24/2010 CVE: CVE-2010-4321 BID: 44966 OSVDB: 69357 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the Novell iPrint...
Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow
Added: 11/08/2010 CVE: CVE-2010-3655 BID: 44516 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the Shockwave plug-in...
IBM Rational Quality Manager and Test Lab Manager Policy Bypass
Added: 11/05/2010 CVE: CVE-2010-4094 BID: 44172 Background IBM Rational Quality Manager is a web-based centralized test management environment for test planning, workflow control, tracking and metrics reporting. IBM Rational Quality Manager incorporates Apache Tomcat 5 to help serve custom web...
Mozilla Firefox document.write and DOM insertion memory corruption
Added: 11/04/2010 CVE: CVE-2010-3765 BID: 44425 OSVDB: 68905 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A memory corruption vulnerability allows command execution when a user loads a specially crafted web page containi...
Microsoft Office Excel RTD Topic String Buffer Overflow
Added: 10/20/2010 CVE: CVE-2010-1246 BID: 40524 OSVDB: 65238 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Office Excel 2002 is vulnerable to a buffer overflow when parsing Real Time Data RTD Future...
Oracle Secure Backup Administration property_box.php objectname command injection
Added: 09/30/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 66340 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the propertybox.php script allows remote attackers to inject arbitrary commands via the objectname paramete...
Microsoft Office Excel PivotTable Cache Data Record Handling Overflow
Added: 08/19/2010 CVE: CVE-2010-2562 BID: 42199 OSVDB: 66991 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel is vulnerable to a stack buffer overflow due to a logic error when parsing...
Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow
Added: 05/19/2010 CVE: CVE-2010-0265 BID: 38515 OSVDB: 62811 Background Windows Movie Maker is software for creating and editing home movies. Problem A buffer overflow vulnerability in the IsValidWMToolsStream function allows command execution when a user opens a specially crafted .MSWMM file...
RealNetworks Helix Server AgentX receive_agentx Stack Buffer Overflow
Added: 04/27/2010 CVE: CVE-2010-1318 BID: 39564 OSVDB: 63919 Background RealNetworks Helix Server is a media server supporting multiple formats and platforms. Problem A stack buffer overflow vulnerability exists in RealNetworks Helix Server due to a boundary error in the AgentX::receiveagentx...
Easy FTP Server MKD command buffer overflow
Added: 04/08/2010 BID: 38102 OSVDB: 62134 Background UplusFTP formerly Easy FTP Server is a free FTP server for Windows platforms. Problem A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by sending a MKD command with a specially crafted argumen...
Microsoft Excel DbOrParamQry memory corruption
Added: 03/11/2010 CVE: CVE-2010-0264 BID: 38555 OSVDB: 62823 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A memory corruption vulnerability in Microsoft Excel allows command execution when a user...
Lotus Domino Web Access ActiveX control InstallBrowserHelperDll buffer overflow
Added: 03/05/2010 BID: 38457 OSVDB: 62612 Background Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. It includes an ActiveX control implemented in inotes6w.dll, dwa7w.dll, dwa8w.dll, and dwa85w.dll. Problem A buffer overfl...
Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow
Added: 03/04/2010 CVE: CVE-2010-0033 BID: 38107 OSVDB: 62241 Background Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself. Problem A stack overflow vulnerability in the handling of TextBytesAtom...
Sun Java System Web Server WebDAV OPTIONS request buffer overflow
Added: 02/05/2010 CVE: CVE-2010-0361 BID: 37874 OSVDB: 61851 Background Sun Java System Web Server is a web application server. WebDAV Web-based Distributed Authoring and Versioning is an extension to the HTTP protocol which allows users to edit web server content. Problem A buffer overflow...
Novell iPrint Client ienipp.ocx persistence parameter parsing buffer overflow
Added: 01/28/2010 CVE: CVE-2009-1569 BID: 37242 OSVDB: 60804 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow in ienipp.ocx allows command...
ACD Systems ACDSee Products XBM File Handling Buffer Overflow
Added: 01/21/2010 BID: 37685 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability in the IDX.apl plug-in allows command execution when a user opens a specially crafted XBM file. Resolution Apply a patch or upgrade when released by the...
Adobe Reader media.newPlayer Use-After-Free Code Execution
Added: 12/23/2009 CVE: CVE-2009-4324 BID: 37331 OSVDB: 60980 Background Adobe Reader is free software for viewing PDF documents. Problem This issue is caused by a use-after-free error within the "Doc.Media.newPlayer" JavaScript function, which could be exploited by attackers to execute arbitrary...
Visual Studio Active Template Library object type mismatch vulnerability
Added: 08/24/2009 CVE: CVE-2009-2494 BID: 35982 OSVDB: 56910 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow
Added: 07/07/2009 CVE: CVE-2008-0015 BID: 35558 OSVDB: 55651 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A stack buffer overfl...
Microsoft PowerPoint Legacy Format Scheme record buffer overflow
Added: 06/26/2009 CVE: CVE-2009-0226 BID: 34881 OSVDB: 54385 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in Microsoft PowerPoint allows command execution when a user opens a PowerPoint 4.0 stream...
Microsoft Works File Converter FontName buffer overflow
Added: 06/15/2009 CVE: CVE-2009-1533 BID: 35184 OSVDB: 54939 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows command execution when a user opens a WPS file...
Novell GroupWise Internet Agent e-mail address buffer overflow
Added: 06/05/2009 CVE: CVE-2009-1636 BID: 35064 OSVDB: 54645 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address ...
Microsoft PowerPoint 2000 CurrentUserAtom buffer overflow
Added: 05/21/2009 CVE: CVE-2009-1131 BID: 34841 OSVDB: 54393 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in Microsoft PowerPoint allows command execution when a user opens a presentation containin...
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...
HP OpenView Network Node Manager OvOSLocale cookie buffer overflow
Added: 03/26/2009 CVE: CVE-2009-0920 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted OvOSLocale cookie in an...
Opera file URI buffer overflow
Added: 01/13/2009 CVE: CVE-2008-5178 BID: 32323 OSVDB: 49882 Background Opera is a web browser which is available for multiple platforms. Problem A buffer overflow vulnerability allows command execution when a user opens a long, specially crafted file:// URI. Resolution Upgrade to Opera 9.63 or...
VLC media player RealText subtitle file ParseRealText buffer overflow
Added: 12/01/2008 CVE: CVE-2008-5036 BID: 32125 OSVDB: 49809 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A buffer overflow vulnerability in the ParseRealText function allows command execution when a user opens a media fi...
CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow
Added: 11/28/2008 CVE: CVE-2007-5004 BID: 24348 OSVDB: 41352 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem An integer overflow vulnerability allows remote attackers to execute...
Trend Micro OfficeScan CGI programs POST request buffer overflow
Added: 10/31/2008 CVE: CVE-2008-3862 BID: 31859 OSVDB: 49275 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending specially crafted HTTP POST requests ...