Lotus Domino Web Access ActiveX control dwa7w.dll buffer overflow

Added: 12/31/2007 CVE: CVE-2007-4474 BID: 26972 OSVDB: 40954 Background Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. Problem A buffer overflow vulnerability in the Lotus Domino Web Access ActiveX control in the dwa7w.dl...

Adobe PageMaker MAIPM6.DLL font name buffer overflow

Added: 11/19/2007 CVE: CVE-2007-5169 BID: 25989 OSVDB: 38067 Background Adobe PageMaker is page layout software. Problem A buffer overflow vulnerability in MAIPM6.DLL allows command execution when a user opens a .PMD file containing specially crafted font names. Resolution Apply the update...

Tivoli Storage Manager CAD Host header buffer overflow

Added: 10/26/2007 CVE: CVE-2007-4880 BID: 25743 OSVDB: 38161 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on port 1581/TCP. Problem A buffer overflow vulnerability in Tivoli Storage...

Microsoft Visual Basic VBP file buffer overflow

Added: 10/05/2007 CVE: CVE-2007-4776 BID: 25629 OSVDB: 36936 Background Microsoft Visual Basic is a development tool for building Windows applications. Problem A buffer overflow vulnerability in Microsoft Visual Basic allows command execution when a user opens a specially crafted Visual Basic...

HP OpenView Operations OVTrace buffer overflow

Added: 08/16/2007 CVE: CVE-2007-3872 BID: 25255 OSVDB: 39527 Background HP OpenView Operations is event management and performance monitoring software. Problem A buffer overflow vulnerability in HP OpenView Operations allows remote attackers to execute arbitrary commands by sending a specially...

Yahoo! Widgets ActiveX control GetComponentVersion buffer overflow

Added: 08/03/2007 CVE: CVE-2007-4034 BID: 25086 OSVDB: 37705 Background Yahoo! Widgets is desktop software which runs any number of small, real-time, Internet applications called widgets. Problem A buffer overflow vulnerability in the YDPCTL ActiveX Control allows command execution when a user...

Ipswitch IMail IMAP SUBSCRIBE command buffer overflow

Added: 08/02/2007 CVE: CVE-2007-3927 BID: 24962 OSVDB: 36222 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command...

Ipswitch IMail Server IMAP SEARCH buffer overflow

Added: 07/27/2007 CVE: CVE-2007-3925 BID: 24962 OSVDB: 36219 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SEARCH command...

Internet Explorer Content Advisor memory corruption

Added: 06/20/2007 CVE: CVE-2005-0555 BID: 13117 OSVDB: 15466 Background The Content Advisor is used to control what content is viewable in Internet Explorer. Problem A memory corruption vulnerability in the Content Advisor allows command execution when a user loads a specially crafted page in...

CA Antivirus engine CAB handling buffer overflow

Added: 06/07/2007 CVE: CVE-2007-2864 BID: 24330 OSVDB: 35245 Background The CA Antivirus engine is included in multiple CA products. Problem A buffer overflow vulnerability in the CA Antivirus engine allows command execution when a CAB file containing a specially crafted "coffFiles" field is...

ACDSee XPM file handling buffer overflow

Added: 05/10/2007 CVE: CVE-2007-2193 BID: 23620 OSVDB: 35236 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability in the IDX.apl plug-in allows command execution when a user opens a specially crafted XPM file. Resolution Apply a fix...

MERCUR imapd SUBSCRIBE command buffer overflow

Added: 03/27/2007 CVE: CVE-2007-1579 BID: 23050 OSVDB: 33546 Background MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by...

NetMail WebAdmin username buffer overflow

Added: 03/16/2007 CVE: CVE-2007-1350 BID: 22857 OSVDB: 33886 Background Novell NetMail WebAdmin is a web-based administration interface which runs an HTTP server on port 89/TCP. Problem A buffer overflow vulnerability in Novell NetMail WebAdmin allows remote attackers to execute arbitrary command...

Trend Micro ServerProtect ENG_SetRealTimeScanConfigInfo buffer overflow

Added: 03/07/2007 CVE: CVE-2007-1070 BID: 22639 OSVDB: 33042 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the ENGSetRealTimeScanConfigInfo function allows remote attackers to execute arbitrary commands by sending a specially craft...

BrightStor ARCserve LGServer buffer overflow

Added: 02/02/2007 CVE: CVE-2007-0449 BID: 22342 OSVDB: 31593 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in BrightStor ARCserve Backup for...

BrightStor ARCserve Message Engine opnum 0x2f buffer overflow

Added: 01/19/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31318 Background The BrightStor ARCserve Backup server runs the Message Engine RPC service on ports 6503/TCP and 6504/TCP by default. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary command...

Internet Explorer WebViewFolderIcon setSlice integer overflow

Added: 09/29/2006 CVE: CVE-2006-3730 BID: 19030 OSVDB: 27110 Background The WebViewFolderIcon ActiveX control provides support for icons in the Windows Explorer Web view. Problem An integer overflow vulnerability in the setSlice method in the WebViewFolderIcon ActiveX control allows remote comman...

WS_FTP XCRC buffer overflow

Added: 09/22/2006 CVE: CVE-2006-4847 BID: 20076 OSVDB: 28939 Background WSFTP Server is an FTP server for Windows platforms. Problem Buffer overflows in multiple FTP commands allow an authenticated attacker to execute arbitrary commands. Resolution Upgrade to WSFTP Server 5.05 Hotfix 1. Reference...

MySQL MaxDB WebDBM database name buffer overflow

Added: 09/06/2006 CVE: CVE-2006-4305 BID: 19660 OSVDB: 28300 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem A buffer overflow in MaxDB allows remote attackers to execute arbitrary commands by sending a long database name from a WebDBM client. Resolution Upgra...

McAfee Subscription Manager ActiveX buffer overflow

Added: 08/25/2006 CVE: CVE-2006-3961 BID: 19265 OSVDB: 27698 Background McAfee Antivirus products access the McAfee Security Center product which allows users to set preferences and settings for numerous installed McAfee components and services. The Security Center includes a Subscription Manager...

ntdll.dll buffer overflow via IIS 5.0 WebDAV

Added: 07/18/2006 CVE: CVE-2003-0109 BID: 7116 OSVDB: 4467 Background The dynamic link library ntdll.dll is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS. Problem A buffer overflow in ntdll.dll allo...

eSignal WinSig.exe buffer overflow

Added: 07/14/2006 CVE: CVE-2004-1868 BID: 9978 OSVDB: 4583 Background eSignal is a tool which provides real-time financial and market information. Its main application, WinSig.exe , services requests on port 80/TCP. Problem A buffer overflow vulnerability in eSignal allows remote attackers to...

MERCUR Messaging IMAP LOGIN command buffer overflow

Added: 07/10/2006 CVE: CVE-2006-1255 BID: 17138 OSVDB: 23950 Background MERCUR Messaging 2005 is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service when processing the LOGIN command allows remote...

MailEnable SMTP AUTH LOGIN buffer overflow

Added: 06/30/2006 CVE: CVE-2005-1781 BID: 13772 OSVDB: 16851 Background MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services. Problem The SMTP service in MailEnable is affected by a...

Symantec real-time scan service buffer overflow

Added: 06/13/2006 CVE: CVE-2006-2630 BID: 18107 OSVDB: 25846 Background Various Symantec products include a real-time virus scan service. Problem A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands. Resolution Apply patch SYM06-010. Referenc...

Cyrus IMAP pop3d popsubfolders buffer overflow

Added: 06/12/2006 CVE: CVE-2006-2502 BID: 18056 OSVDB: 25853 Background Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The popsubfolders configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in. Problem When the popsubfolders...

RealPlayer invalid chunk header heap overflow

Added: 03/31/2006 CVE: CVE-2005-2922 BID: 17202 OSVDB: 24062 Background RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. Problem A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leadi...

Internet Explorer isComponentInstalled buffer overflow

Added: 03/16/2006 CVE: CVE-2006-1016 BID: 16870 OSVDB: 31647 Background The isComponentInstalled method allows scripts to determine which components are installed. Problem Internet Explorer is affected by a buffer overflow in the isComponentInstalled method which can lead to remote command...

Microsoft Visual Studio .dbp and .sln buffer overflow

Added: 03/07/2006 CVE: CVE-2006-1043 BID: 16953 OSVDB: 23711 Background Microsoft Visual Studio is a product for facilitating software development on Windows operating systems. Problem A buffer overflow vulnerability leads to command execution when a specially crafted Database Project .dbp or...

Windows NetDDE buffer overflow

Added: 02/24/2006 CVE: CVE-2004-0206 BID: 11372 OSVDB: 10689 Background Network Dynamic Data Exchange NetDDE is a Windows service which allows two applications to communicate with each other over a network. Problem A buffer overflow in the NetDDE service could allow a remote, anonymous attacker t...

Winamp playlist file buffer overflow

Added: 01/31/2006 CVE: CVE-2006-0476 BID: 16410 OSVDB: 22789 Background Winamp is a media player for Windows. Problem A buffer overflow in Winamp allows code execution when a specially crafted playlist file is opened. Resolution Upgrade to Winamp 5.13 or higher. References Limitations Exploit...

Arkeia Type 77 Request buffer overflow

Added: 01/24/2006 CVE: CVE-2005-0491 BID: 12594 OSVDB: 14011 Background The Arkeia network backup software includes a daemon program called arkeiad which listens for connections on TCP port 617. Problem A buffer overflow in the processing of type 77 requests sent to the arkeiad listener allows...

RSA SecurID Web Agent for IIS redirect buffer overflow

Added: 11/30/2005 CVE: CVE-2005-4734 BID: 26424 OSVDB: 20151 Background RSA SecurID Web Agent for IIS provides access control for IIS web servers using one-time authentication tokens. Problem A buffer overflow in IISWebAgentIF.dll could allow a remote attacker to execute arbitrary commands using ...

MailEnable IMAP STATUS buffer overflow

Added: 11/29/2005 CVE: CVE-2005-2278 BID: 14243 OSVDB: 17844 Background MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail. Problem A buffer overflow in the...

Novell eDirectory iMonitor buffer overflow

Added: 11/29/2005 CVE: CVE-2005-2551 BID: 14548 OSVDB: 18703 Background iMonitor is a web service which is a component of Novell eDirectory. Problem A buffer overflow when processing long HTTP or HTTPS requests leads to remote command execution. Resolution Upgrade to eDirectory 8.7.3 IR7 or highe...

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

Citrix SD-WAN Appliance SQL and command injection

Added: 07/26/2019 Background Citrix Software-defined wide-area network SD-WAN is a service that grants the enterprise with the ability to dynamically connect branch offices and data centers on a global scale. Problem Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injectio...

TikiWiki elfinder file upload

Added: 07/14/2016 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The third-party elfinder component allows unauthenticated users to upload arbitrary files, which can then be executed using a simple HTTP request. Resolution Upgrade to TikiWiki 12.9,...

Centreon web interface command injection

Added: 02/29/2016 Background Centreon is a suite of enterprise monitoring products written in PHP. Problem A command injection vulnerability in the Centreon web interface allows remote attackers to execute arbitrary commands by sending a specially crafted useralias parameter in a POST request. Th...

Easy File Sharing Web Server HEAD HTTP request vulnerability

Added: 01/08/2016 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as...

FireEye MPS JAR analyzer command execution

Added: 12/28/2015 BID: 78809 Background The FireEye Malware Protection System MPS detects and eliminates malware found on file shares, web downloads, and e-mail. Problem A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...

iTunes .PLS Title buffer overflow

Added: 05/11/2015 Background iTunes is a free media player for multiple platforms. Problem A buffer overflow vulnerability in iTunes allows command execution when a .PLS file containing a specially crafted Title parameter is opened. Resolution Do not open untrusted .PLS files. References...

Liferay Portal Apache Felix command injection

Added: 12/31/2014 OSVDB: 116510 Background Liferay Portal is an enterprise web platform for building business solutions. Apache Felix is an implementation of the OSGi Framework and Service platform. Problem Liferay Portal is affected by a vulnerability which could allow remote attackers to execut...

XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014 BID: 52483 OSVDB: 80096 Background Some Xerox Multifunction Printers MFP utilize Dynamic Loadable Modules DLM for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100. Problem Multiple Xerox products are...

WinRAR ZIP File Handling Filename Spoofing Vulnerability

Added: 04/28/2014 BID: 66383 OSVDB: 62610 Background WinRAR is a shareware file archiver and data compression utility which runs on Microsoft Windows. It can create archives in ZIP format, as well as its own proprietary RAR format, and unpack a variety of other archive types. Problem WinRAR 4.x i...

Eudora WorldMail IMAPd UID Command Buffer Overflow Vulnerability

Added: 03/06/2014 BID: 65650 OSVDB: 104071 Background Eudora WorldMail is an e-mail server for Windows. Problem Eudora WorldMail version 9.0.333.0 and probably earlier IMAPd service is vulnerable to buffer overflow as a result of improper validation of user-supplied input when handling UID...

HP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability

Added: 10/17/2013 CVE: CVE-2013-4798 BID: 61443 OSVDB: 95642 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

WPAD Listener

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, browsers are...

SAP NetWeaver SOAP RFC SXPG_CALL_SYSTEM Command Execution

Added: 06/03/2013 OSVDB: 93537 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain external operating...

SAP NetWeaver SOAP RFC SXPG_CALL_SYSTEM Command Execution

Added: 06/03/2013 OSVDB: 93537 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain external operating...