4300 matches found

Saint
•added 2011/11/25 12:0 a.m.•29 views

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.35528 | Exploits: 9

Saint
•added 2011/09/26 12:0 a.m.•29 views

Freefloat FTPD Invalid Command Overflow

Added: 09/26/2011 BID: 48704 Background Freefloat is a software series developed directly for handheld terminals. Freefloat FTP Server is a free FTP server for various versions of Windows including Windows CE/Pocket PC. Problem Freefloat FTP Server is vulnerable to a stack overflow as a result of...

AI score: 0.4 | Exploits: 0

Saint
•added 2011/09/06 12:0 a.m.•29 views

Microsoft Internet Explorer Time Element Memory Corruption

Added: 09/06/2011 CVE: CVE-2011-1255 BID: 48206 OSVDB: 72947 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The HTML+Time Timed Interactive Multimedia Extensions helps to add timed, animated, multimedia content to HTML documents. Problem...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.42103 | Exploits: 5

Saint
•added 2011/05/23 12:0 a.m.•29 views

BarCodeWiz ActiveX LoadProperties Buffer Overflow

Added: 05/23/2011 CVE: CVE-2010-2932 BID: 42097 OSVDB: 66882 Background BarCodeWiz Barcode ActiveX Control is a tool for generating barcodes in Microsoft Office documents, and for Visual Basic, Visual C++, VB.NET, C, or Delphi developer looking to include barcodes in programs. Problem The...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.06896 | Exploits: 5

Saint
•added 2011/05/12 12:0 a.m.•29 views

CA Total Defense UNCWS DeleteReports SQL Injection

Added: 05/12/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...

CVSS: 10 | AI score: 7.2 | EPSS: 0.88655 | Exploits: 12

Saint
•added 2011/05/02 12:0 a.m.•29 views

CA Total Defense UNCWS SQL Injection

Added: 05/02/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...

CVSS: 10 | AI score: 7.2 | EPSS: 0.88655 | Exploits: 12

Saint
•added 2011/04/18 12:0 a.m.•29 views

HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe

Added: 04/18/2011 CVE: CVE-2011-0261 BID: 45762 OSVDB: 70469 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in jovgraph.exe allows remote attackers to execute arbitrary commands by sending an overly...

CVSS: 10 | AI score: 7.7 | EPSS: 0.1582 | Exploits: 4

Saint
•added 2011/03/17 12:0 a.m.•29 views

Cisco Security Agent Management Center Code Execution

Added: 03/17/2011 CVE: CVE-2011-0364 BID: 65436 OSVDB: 70884 Background Cisco Security Agent Management Center is the server component of Cisco's Security Agent endpoint IPS solution. It is responsible for collecting event log information from endpoints and distributing rules updates. Problem The...

CVSS: 10 | AI score: 6.2 | EPSS: 0.19617 | Exploits: 9

Saint
•added 2011/03/03 12:0 a.m.•29 views

HP Data Protector Client agent EXEC_SETUP code execution

Added: 03/03/2011 CVE: CVE-2011-0922 BID: 46234 OSVDB: 72525 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...

CVSS: 10 | AI score: 6.6 | EPSS: 0.64219 | Exploits: 20

Saint
•added 2011/02/23 12:0 a.m.•29 views

Symantec Alert Management System Intel Alert Handler modem string buffer overflow

Added: 02/23/2011 CVE: CVE-2010-0110 BID: 45936 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager, which listens on po...

CVSS: 7.9 | AI score: 7.6 | EPSS: 0.0513 | Exploits: 12

Saint
•added 2011/02/10 12:0 a.m.•29 views

WebEx WRF Player buffer overflow

Added: 02/10/2011 CVE: CVE-2010-3269 BID: 46075 Background The WebEx Recording Format WRF is used to save recordings of WebEx meetings to a file. The WebEx WRF Player allows users to play a WRF file. Problem A buffer overflow vulnerability in the WebEx WRF Player allows command execution when a...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.11414 | Exploits: 4

Saint
•added 2011/01/24 12:0 a.m.•29 views

HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution

Added: 01/24/2011 CVE: CVE-2011-0269 BID: 45762 OSVDB: 70473 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A stack buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the...

CVSS: 10 | AI score: 7.7 | EPSS: 0.16546 | Exploits: 4

Saint
•added 2011/01/10 12:0 a.m.•29 views

HP Photo Creations audio.Record ActiveX Stack Buffer Overflow

Added: 01/10/2011 BID: 45631 Background HP Photo Creations is free software that lets the user create photo books, calendars, collages, greeting cards and other keepsakes that can be printed or shipped to the user. HP Photo Creations installs and registers the audio.Record ActiveX control which...

AI score: 7.8 | Exploits: 0

Saint
•added 2010/12/23 12:0 a.m.•29 views

Cisco IOS HTTP exec path command execution

Added: 12/23/2010 CVE: CVE-2000-0945 BID: 1846 OSVDB: 444 Background The Cisco Internetwork Operating System IOS is the operating system used by Cisco routers. Problem A remote attacker could execute arbitrary commands through HTTP requests by requesting a path beginning with /exec. Resolution Se...

CVSS: 10 | AI score: 7.6 | EPSS: 0.72575 | Exploits: 6

Saint
•added 2010/12/22 12:0 a.m.•29 views

SAP Crystal Reports PrintControl.dll ServerResourceVersion buffer overflow

Added: 12/22/2010 CVE: CVE-2010-2590 BID: 45387 OSVDB: 69917 Background SAP Crystal Reports allows developers to design interactive reports from virtually any data source. Problem A buffer overflow vulnerability in the PrintControl.dll ActiveX control allows command execution when a user loads a...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.46776 | Exploits: 9

Saint
•added 2010/12/16 12:0 a.m.•29 views

Internet Explorer HTML+TIME element OuterText memory corruption

Added: 12/16/2010 CVE: CVE-2010-3346 BID: 45261 OSVDB: 69829 Background The HTML+TIME.aspx component of Internet Explorer adds timing and media synchronization support to HTML pages. Problem A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.28886 | Exploits: 4

Saint
•added 2010/11/08 12:0 a.m.•29 views

DATAC RealWin SCADA Server SCPC_INITIALIZE buffer overflow

Added: 11/08/2010 CVE: CVE-2010-4142 BID: 44150 OSVDB: 68812 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

CVSS: 10 | AI score: 7.8 | EPSS: 0.63573 | Exploits: 12

Saint
•added 2010/10/18 12:0 a.m.•29 views

IBM Tivoli Storage Manager FastBack Mount Service Code Execution

Added: 10/18/2010 CVE: CVE-2010-3058 BID: 42549 OSVDB: 67292 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. TSM includes FastBack, which provides a client/server backup solution for the MS Windows environment. FastBack...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.02462 | Exploits: 4

Saint
•added 2010/09/30 12:0 a.m.•29 views

Oracle Secure Backup Administration property_box.php objectname command injection

Added: 09/30/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 66340 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the propertybox.php script allows remote attackers to inject arbitrary commands via the objectname paramete...

CVSS: 9 | AI score: 6.6 | EPSS: 0.02243 | Exploits: 12

Saint
•added 2010/08/25 12:0 a.m.•29 views

Novell iPrint Client ActiveX control call-back-url buffer overflow

Added: 08/25/2010 CVE: CVE-2010-1527 BID: 42576 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability allows command execution when a...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.35987 | Exploits: 18

Saint
•added 2010/08/23 12:0 a.m.•29 views

HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow

Added: 08/23/2010 CVE: CVE-2010-1554 BID: 40071 OSVDB: 64976 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in Network Node Manager allows remote attackers to execute arbitrary commands by sending a...

CVSS: 10 | AI score: 7.7 | EPSS: 0.67786 | Exploits: 13

Saint
•added 2010/08/19 12:0 a.m.•29 views

Microsoft Office Excel PivotTable Cache Data Record Handling Overflow

Added: 08/19/2010 CVE: CVE-2010-2562 BID: 42199 OSVDB: 66991 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel is vulnerable to a stack buffer overflow due to a logic error when parsing...

CVSS: 9.3 | AI score: 6.6 | EPSS: 0.17612 | Exploits: 4

Saint
•added 2010/08/05 12:0 a.m.•29 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

CVSS: 5 | AI score: 9.9 | EPSS: 0.91079 | Exploits: 22

Saint
•added 2010/08/03 12:0 a.m.•29 views

Novell GroupWise Internet Agent IMAP Service Stack Buffer Overflow

Added: 08/03/2010 CVE: CVE-2010-2777 BID: 41704 OSVDB: 66623 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability exists within the IMAP component of the Novell GroupWise Internet Agent service and is due to a boundary error while...

CVSS: 9 | AI score: 6.6 | EPSS: 0.10388 | Exploits: 4

Saint
•added 2010/07/08 12:0 a.m.•29 views

Microsoft Excel DBQueryExt record parsing vulnerability

Added: 07/08/2010 CVE: CVE-2010-1253 BID: 40531 OSVDB: 65228 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a spreadshee...

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.25692 | Exploits: 4

Saint
•added 2010/06/23 12:0 a.m.•29 views

HP OpenView Network Node Manager ovwebsnmpsrv.exe buffer overflow via jovgraph.exe

Added: 06/23/2010 CVE: CVE-2009-4181 BID: 37261 OSVDB: 60932 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in ovwebsnmpsrv.exe allows remote attackers to execute arbitrary commands by sending...

CVSS: 10 | AI score: 7.8 | EPSS: 0.1086 | Exploits: 5

Saint
•added 2010/05/07 12:0 a.m.•29 views

Microsoft Visio DXF file insertion buffer overflow

Added: 05/07/2010 CVE: CVE-2010-1681 BID: 39836 Background Microsoft Visio is a component of the Microsoft Office suite which provides the capability to produce diagrams. Problem A buffer overflow vulnerability allows command execution when a user inserts a specially crafted DXF file into a Visio...

CVSS: 7.6 | AI score: 6.7 | EPSS: 0.67309 | Exploits: 11

Saint
•added 2010/04/30 12:0 a.m.•29 views

Microsoft Publisher File Conversion Textbox buffer overflow

Added: 04/30/2010 CVE: CVE-2010-0479 BID: 39347 OSVDB: 63748 Background Microsoft Office Publisher, part of the Microsoft Office suite, is a product for creating publications and marketing materials. Problem A buffer overflow vulnerability allows command execution when a user loads a Publisher 97...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.23415 | Exploits: 5

Saint
•added 2010/04/27 12:0 a.m.•29 views

RealNetworks Helix Server AgentX receive_agentx Stack Buffer Overflow

Added: 04/27/2010 CVE: CVE-2010-1318 BID: 39564 OSVDB: 63919 Background RealNetworks Helix Server is a media server supporting multiple formats and platforms. Problem A stack buffer overflow vulnerability exists in RealNetworks Helix Server due to a boundary error in the AgentX::receiveagentx...

CVSS: 10 | AI score: 7.7 | EPSS: 0.58051 | Exploits: 12

Saint
•added 2010/03/24 12:0 a.m.•29 views

Orbital Viewer buffer overflow

Added: 03/24/2010 CVE: CVE-2010-0688 BID: 38436 OSVDB: 62580 Background Orbital Viewer is a program for viewing atomic and molecular orbitals. Problem A buffer overflow vulnerability in Orbital Viewer allows command execution when a user opens a specially crafted .orb file. Resolution Do not open...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.3764 | Exploits: 13

Saint
•added 2010/03/04 12:0 a.m.•29 views

Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow

Added: 03/04/2010 CVE: CVE-2010-0033 BID: 38107 OSVDB: 62241 Background Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself. Problem A stack overflow vulnerability in the handling of TextBytesAtom...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.51073 | Exploits: 8

Saint
•added 2010/02/12 12:0 a.m.•29 views

Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption

Added: 02/12/2010 CVE: CVE-2010-0031 BID: 38103 OSVDB: 62237 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability allows command execution when a user opens a PowerPoint file containing an...

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.21221 | Exploits: 6

Saint
•added 2010/01/20 12:0 a.m.•29 views

Adobe Illustrator EPS File DSC Comment Buffer Overflow

Added: 01/20/2010 CVE: CVE-2009-4195 BID: 37192 OSVDB: 60632 Background Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PD...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.70684 | Exploits: 8

Saint
•added 2010/01/08 12:0 a.m.•29 views

HP OpenView Application Recovery Manager MSG_PROTOCOL buffer overflow

Added: 01/08/2010 CVE: CVE-2009-3844 BID: 37250 OSVDB: 60852 Background HP OpenView Application Recovery Manager is a backup solution for business application data. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

CVSS: 10 | AI score: 7.7 | EPSS: 0.74063 | Exploits: 10

Saint
•added 2009/11/13 12:0 a.m.•29 views

InterSystems Cache HTTP Stack Buffer Overflow

Added: 11/13/2009 Background InterSystems Cache is a high-performance object database that also enables rapid Web application development. Problem Intersystems Cache is vulnerable to a HTTP stack buffer overflow as a result of a specially crafted parameter to the UtilConfigHome.csp page. Resoluti...

AI score: 2.2 | Exploits: 0

Saint
•added 2009/10/16 12:0 a.m.•29 views

IBM Installation Manager iim URI Handling Code Execution

Added: 10/16/2009 CVE: CVE-2009-3518 BID: 36549 OSVDB: 58420 Background IBM Installation Manager IIM is a software tool that helps to install, update, modify, and uninstall packages. Problem When IIM is installed it registers the application IBMIM.exe as the iim:// scheme handler, so when an iim:...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.05502 | Exploits: 5

Saint
•added 2009/09/11 12:0 a.m.•29 views

VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow

Added: 09/11/2009 CVE: CVE-2009-2484 BID: 35500 OSVDB: 55509 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A stack-based buffer overflow vulnerability in the Win32AddConnection function may allow a remote attacker to execu...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.3511 | Exploits: 7

Saint
•added 2009/07/30 12:0 a.m.•29 views

Visual Studio Active Template Library uninitialized object

Added: 07/30/2009 CVE: CVE-2009-0901 BID: 35832 OSVDB: 56696 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.42004 | Exploits: 5

Saint
•added 2009/07/13 12:0 a.m.•29 views

Mozilla Firefox JIT Escape Function Memory Corruption

Added: 07/13/2009 CVE: CVE-2009-2477 BID: 35660 OSVDB: 55846 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and...

CVSS: 9.3 | AI score: 9.8 | EPSS: 0.42689 | Exploits: 9

Saint
•added 2009/07/13 12:0 a.m.•29 views

Motorola Timbuktu PlughNTCommand named pipe string buffer overflow

Added: 07/13/2009 CVE: CVE-2009-1394 BID: 35496 OSVDB: 55436 Background Motorola Timbuktu is remote control software for Windows and Mac. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted character string to the...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.33281 | Exploits: 8

Saint
•added 2009/05/14 12:0 a.m.•29 views

Microsoft PowerPoint Legacy File Format Master Page buffer overflow

Added: 05/14/2009 CVE: CVE-2009-1137 BID: 34876 OSVDB: 54381 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in the Legacy File Format conversion filter PP4X322.dll allows command execution when a use...

CVSS: 9.3 | AI score: 6.6 | EPSS: 0.31632 | Exploits: 5

Saint
•added 2009/04/23 12:0 a.m.•29 views

Microsoft WordPad Word97 text converter buffer overflow

Added: 04/23/2009 CVE: CVE-2009-0235 BID: 34470 OSVDB: 53664 Background The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files. Problem A buffer overflow vulnerability in the Word 97 text converter allows command execution when a use...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.33616 | Exploits: 5

Saint
•added 2009/04/20 12:0 a.m.•29 views

Microsoft PowerPoint invalid object reference vulnerability

Added: 04/20/2009 CVE: CVE-2009-0556 BID: 34351 OSVDB: 53182 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability in Microsoft PowerPoint allows command execution when an invalid object is referenced...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.67539 | Exploits: 5

Saint
•added 2009/04/17 12:0 a.m.•29 views

Microsoft WordPad Word 97 text converter XST buffer overflow

Added: 04/17/2009 CVE: CVE-2008-4841 BID: 32718 OSVDB: 50567 Background The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files. Problem A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.4303 | Exploits: 6

Total number of security vulnerabilities: 4300