4300 matches found
Disk Pulse Server GetServerInfo buffer overflow
Added: 12/10/2010 BID: 43919 Background Disk Pulse is a disk change monitoring solution. Problem A buffer overflow vulnerability in Disk Pulse Server allows remote attackers to execute arbitrary commands by sending a specially crafted GetServerInfo request to port 9120/TCP. Resolution Upgrade to ...
Adobe Shockwave Director rcsL Chunk Remote Code Execution
Added: 11/04/2010 CVE: CVE-2010-3653 BID: 44291 OSVDB: 68803 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the...
ARP Spoof
Added: 08/23/2010 Background The Address Resolution Protocol ARP is used to resolve IP addresses into the hardware addresses which are used for delivering packets on a local network. Problem It is possible to send a computer a forged ARP reply, which is then stored in that computer's cache. This...
Microsoft Excel DBQueryExt record parsing vulnerability
Added: 07/08/2010 CVE: CVE-2010-1253 BID: 40531 OSVDB: 65228 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a spreadshee...
TweakFS Zip Utility for FSX filename buffer overflow
Added: 06/24/2010 CVE: CVE-2010-1458 BID: 39565 OSVDB: 63899 Background The TweakFS Zip Utility is included in the TweakFS Flight Simulator X Utilities. Problem A buffer overflow vulnerability in the TweakFS Zip Utility allows command execution when a user opens a ZIP archive containing a long,...
Apple Safari parent.close() Invalid Pointer Code Execution
Added: 05/28/2010 CVE: CVE-2010-1939 BID: 39990 OSVDB: 64482 Background Safari is a web browser for Mac OS X and Windows. Problem Apple Safari 4.0.5 for Windows and probably earlier allows remote attackers to execute arbitrary code by enticing the user to open a crafted HTML document. The crafted...
Easy FTP Server MKD command buffer overflow
Added: 04/08/2010 BID: 38102 OSVDB: 62134 Background UplusFTP formerly Easy FTP Server is a free FTP server for Windows platforms. Problem A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by sending a MKD command with a specially crafted argumen...
HP OpenView Storage Data Protector Cell Manager buffer overflow
Added: 01/29/2010 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability in HP OpenView Storage Data Protector allows remote attackers to execute arbitrary commands by sending a specially crafted request to the Cell Manager service. Resolution...
HP OpenView Application Recovery Manager MSG_PROTOCOL buffer overflow
Added: 01/08/2010 CVE: CVE-2009-3844 BID: 37250 OSVDB: 60852 Background HP OpenView Application Recovery Manager is a backup solution for business application data. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...
VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow
Added: 12/07/2009 BID: 36439 OSVDB: 58217 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A buffer overflow vulnerability exists in VideoLAN VLC media player due to an error when an overly deep box structure in ".mp4" files....
Symantec AeXNSConsoleUtilities RunCmd buffer overflow
Added: 11/27/2009 CVE: CVE-2009-3033 BID: 37092 OSVDB: 60496 Background Symantec Altiris Deployment Solution provides tools to deploy software on desktops and servers. Problem A buffer overflow vulnerability in the AeXNSConsoleUtilities ActiveX control allows command execution when a user loads a...
IBM Tivoli Storage Manager Client CAD Service Buffer Overflow
Added: 11/20/2009 CVE: CVE-2009-3853 OSVDB: 59632 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on port 1582/TCP. Problem The vulnerability is caused by an input validation error in t...
Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow
Added: 11/06/2009 CVE: CVE-2009-3031 BID: 36698 OSVDB: 59597 Background Symantec Altiris Deployment Solution provides tools to deploy software on desktops and servers. Problem A stack buffer overflow vulnerability in the AeXNSConsoleUtilities.dll ActiveX control allows remote attackers to execute...
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...
HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...
Microsoft Works File Converter FontName buffer overflow
Added: 06/15/2009 CVE: CVE-2009-1533 BID: 35184 OSVDB: 54939 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows command execution when a user opens a WPS file...
Symantec Alert Management System Intel Alert Originator Service msgsys.exe buffer overflow
Added: 05/05/2009 CVE: CVE-2009-1430 BID: 34674 OSVDB: 54159 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel Alert Originator IAO service is a component of AMS2. The msgsys.exe process is a preprocessor for the IAO service and listens on TCP...
Microsoft WordPad Word 97 text converter XST buffer overflow
Added: 04/17/2009 CVE: CVE-2008-4841 BID: 32718 OSVDB: 50567 Background The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files. Problem A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97...
SQL injection
Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...
ffdshow URL link buffer overflow
Added: 03/25/2009 CVE: CVE-2008-5381 BID: 32438 OSVDB: 50064 Background ffdshow tryouts also known just as ffdshow is an audio and video decoder for Windows. Problem A buffer overflow vulnerability allows command execution when a user opens a media stream with a long, specially crafted URL link...
Oracle 9i Release 2 XDB FTP Pass Overflow
Added: 02/25/2009 CVE: CVE-2003-0727 BID: 8375 OSVDB: 2449 Background Oracle 9i release 2 includes the XDB FTP service which by default listens on port 2100. Problem A buffer overflow vulnerability in the parsing of credentials passed to the server allows remote attackers to execute arbitrary...
Free Download Manager Remote Control Server HTTP Authorization buffer overflow
Added: 02/04/2009 CVE: CVE-2009-0183 BID: 33554 OSVDB: 51745 Background Free Download Manager is a download accelerator and manager for Windows systems. Problem A buffer overflow vulnerability in the Free Download Manager Remote Control Server allows remote attackers to execute arbitrary commands...
Free Download Manager Remote Control Server HTTP Authorization buffer overflow
Added: 02/04/2009 CVE: CVE-2009-0183 BID: 33554 OSVDB: 51745 Background Free Download Manager is a download accelerator and manager for Windows systems. Problem A buffer overflow vulnerability in the Free Download Manager Remote Control Server allows remote attackers to execute arbitrary commands...
HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow
Added: 01/09/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the Toolbar.exe CGI program with a...
Cyrus IMAP pop3d popsubfolders buffer overflow
Added: 10/30/2008 CVE: CVE-2006-2502 BID: 18056 OSVDB: 25853 Background Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The popsubfolders configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in. Problem When the popsubfolders...
Novell iPrint ActiveX control GetDriverFile buffer overflow
Added: 09/16/2008 CVE: CVE-2008-2431 BID: 30813 OSVDB: 51684 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the Novell iPrint Active...
Windows Media Encoder 9 wmex.dll ActiveX buffer overflow
Added: 09/09/2008 CVE: CVE-2008-3008 BID: 31065 OSVDB: 47962 Background Windows Media Encoder is a tool for content producers to capture and compress audio and video content. Windows Media Encoder 9 installs the wmex.dll ActiveX control. Problem A buffer overflow vulnerability in the wmex.dll...
WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow
Added: 08/22/2008 CVE: CVE-2008-3558 BID: 30578 OSVDB: 47344 Background The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting. Problem A buffer overflow vulnerability in the atucfobj.dll ActiveX control allows command execution when a user loads a web page whi...
CA ARCserve Backup LGServer handshake buffer overflow
Added: 08/11/2008 CVE: CVE-2008-3175 BID: 30472 OSVDB: 47545 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in the LGServer.exe server process...
CA ARCserve Backup LGServer handshake buffer overflow
Added: 08/11/2008 CVE: CVE-2008-3175 BID: 30472 OSVDB: 47545 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in the LGServer.exe server process...
CA ARCserve Backup LGServer handshake buffer overflow
Added: 08/11/2008 CVE: CVE-2008-3175 BID: 30472 OSVDB: 47545 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in the LGServer.exe server process...
HP OpenView Network Node Manager connectedNodes.ovpl command execution
Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...
HP StorageWorks Storage Mirroring DoubleTake.exe encoded authentication overflow
Added: 06/16/2008 CVE: CVE-2008-1661 OSVDB: 45924 Background HP StorageWorks is a virtualized storage solution for mid-sized customers. Problem A buffer overflow vulnerability in the DoubleTake.exe process allows remote attackers to execute arbitrary commands by sending a long, specially crafted...
IBM Lotus Sametime Community Services Multiplexer buffer overflow
Added: 05/30/2008 CVE: CVE-2008-2499 BID: 29328 OSVDB: 45610 Background IBM Lotus Sametime is enterprise instant messaging and web conferencing software. Problem A buffer overflow vulnerability in the Community Services Multiplexer allows remote attackers to execute arbitrary commands by requesti...
CA ARCserve Backup xdr_rwsstring buffer overflow
Added: 05/27/2008 CVE: CVE-2008-2242 BID: 29283 OSVDB: 45368 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. It runs several services which use the SUN Remote Procedure Call SUN-RPC protocol. SUN-RPC messages are defined using the External Data...
Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow
Added: 05/19/2008 CVE: CVE-2008-0660 BID: 27576 OSVDB: 41073 Background Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product. Problem A buffer overflow vulnerability in Facebook PhotoUploader allows comma...
CA ARCserve Backup for Laptops and Desktops LGServer service code execution
Added: 05/07/2008 CVE: CVE-2008-1328 BID: 28616 OSVDB: 44320 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in BrightStor ARCserve Backup for...
Borland StarTeam Multicast Service parse_request buffer overflow
Added: 04/25/2008 CVE: CVE-2008-0311 BID: 28602 OSVDB: 44039 Background Borland StarTeam is a software change and configuration management system. Problem A buffer overflow vulnerability in the PGMWebHandler::parserequest function in the StarTeam Multicast Service allows remote attackers to execu...
Borland InterBase ibserver.exe Service Attach request buffer overflow
Added: 04/21/2008 CVE: CVE-2008-1910 BID: 28730 OSVDB: 44455 Background Borland Interbase is a database solution for Windows, Linux, and Solaris platforms. Problem A buffer overflow vulnerability in ibserver.exe allows remote attackers to execute arbitrary commands by sending a long, specially...
Microsoft Excel conditional formatting vulnerability
Added: 03/14/2008 CVE: CVE-2008-0117 BID: 28170 OSVDB: 42731 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a file...
Novell iPrint Control ActiveX control ExecuteRequest buffer overflow
Added: 03/11/2008 CVE: CVE-2008-0935 BID: 27939 OSVDB: 42063 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ExecuteReque...
Microsoft Works File Converter index table vulnerability
Added: 02/22/2008 CVE: CVE-2008-0105 BID: 27658 OSVDB: 41458 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows arbitrary command execution when a user opens a .w...
Microsoft Works File Converter field length buffer overflow
Added: 02/19/2008 CVE: CVE-2008-0108 BID: 27659 OSVDB: 41459 Background The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files. Problem A buffer overflow vulnerability in the Microsoft Works File Converter allows arbitrary command execution when a user opens a .w...
BrightStor ARCserve Backup LGServer directory traversal
Added: 02/15/2008 CVE: CVE-2007-5005 BID: 24348 OSVDB: 41350 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A directory traversal vulnerability in rxRPC.dll in the...
BrightStor ARCserve Backup LGServer directory traversal
Added: 02/15/2008 CVE: CVE-2007-5005 BID: 24348 OSVDB: 41350 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A directory traversal vulnerability in rxRPC.dll in the...
ASPX Shell
Added: 02/14/2008 Background This exploit does not exploit a vulnerability, but instead creates an aspx page. The page, if placed on an IIS server, establishes a shell connection when requested. Problem N/A Resolution N/A References N/A Limitations The user needs the ability to upload the resulti...
BrightStor ARCserve Backup LGServer rxsUseLicenseIni buffer overflow
Added: 01/11/2008 CVE: CVE-2007-3216 BID: 24348 OSVDB: 35329 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in the rxsUseLicenseIni function allow...
Lotus Notes Lotus 1-2-3 file viewer buffer overflow
Added: 12/07/2007 CVE: CVE-2007-6593 BID: 26604 OSVDB: 40796 Background Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to process files in the Lotus Worksheet File format WKS used by Lotus 1-2-3. Problem A buffer overflow vulnerability in the...