Microsoft Jet Engine MDB file ColumnName buffer overflow

Added: 11/23/2007 CVE: CVE-2007-6026 BID: 26468 OSVDB: 44880 Background The Microsoft Jet Database Engine provides data access functionality for a number of applications. Problem A buffer overflow vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user opens...

EMC NetWorker Remote Exec service subcmd buffer overflow

Added: 11/09/2007 CVE: CVE-2007-3618 BID: 25375 OSVDB: 39744 Background EMC NetWorker is a centralized data backup solution. Problem A buffer overflow vulnerability in the Remote Exec service nsrexecd.exe allows remote attackers to execute arbitrary commands by sending a long, invalid subcmd to a...

BrightStor ARCserve Backup LGServer rxrLogin buffer overflow

Added: 11/01/2007 CVE: CVE-2007-5003 BID: 24348 OSVDB: 41353 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in the rxrLogin function allows remote...

Tivoli Storage Manager CAD Host header buffer overflow

Added: 10/26/2007 CVE: CVE-2007-4880 BID: 25743 OSVDB: 38161 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on port 1581/TCP. Problem A buffer overflow vulnerability in Tivoli Storage...

Symantec Norton NavComUI ActiveX control vulnerability

Added: 09/20/2007 CVE: CVE-2007-2955 BID: 24983 OSVDB: 36477 Background The Symantec Norton product suite includes antivirus, firewall, and other security functions. Problem Vulnerabilities in the AxSysListView32 and AxSysListView32OAA ActiveX controls, implemented by the NavComUI.dll library...

Ipswitch IMail IMAP SUBSCRIBE command buffer overflow

Added: 08/02/2007 CVE: CVE-2007-3927 BID: 24962 OSVDB: 36222 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command...

Borland Interbase ibserver.exe create buffer overflow

Added: 07/26/2007 CVE: CVE-2007-3566 BID: 25048 OSVDB: 38602 Background Borland Interbase is a database solution for Windows, Linux, and Solaris platforms. Problem A buffer overflow in the database service, ibserver.exe , allows remote attackers to execute arbitrary commands by sending a speciall...

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007 CVE: CVE-2007-2116 BID: 23532 OSVDB: 39933 Background Package DBMSSNAPINTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem A buffer overflow vulnerability in DBMSSNAPINTERNAL allows remote attackers to execute arbitrary commands...

MERCUR imapd NTLMSSP

Added: 04/03/2007 CVE: CVE-2007-1578 BID: 23058 OSVDB: 33545 Background MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability in MERCUR Messaging Server allows remote attackers to execute arbitrary...

Mercury IMAP data continuation buffer overflow

Added: 03/22/2007 CVE: CVE-2007-1373 OSVDB: 33883 Background Mercury Mail Transport System is an e-mail server product for Windows and NetWare. Problem A buffer overflow vulnerability in the Mercury IMAP service when processing data continuation specifiers allows remote attackers to execute...

HP Mercury LoadRunner mchan.dll buffer overflow

Added: 02/16/2007 CVE: CVE-2007-0446 BID: 22487 OSVDB: 33132 Background HP Mercury LoadRunner is a load testing solution. Problem A buffer overflow in the mchan.dll library allows remote attackers to execute arbitrary commands by sending a packet with a long serveripname field to port 54345/TCP...

Microsoft Help Workshop .HPJ file HLP field buffer overflow

Added: 01/26/2007 CVE: CVE-2007-0427 BID: 22135 OSVDB: 31899 Background Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product. Problem A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user...

BrightStor ARCserve Message Engine opnum 0x75 buffer overflow

Added: 01/24/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31318 Background The BrightStor ARCserve Backup server runs the Message Engine RPC service on ports 6503/TCP and 6504/TCP by default. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary command...

Microsoft Excel PALETTE record buffer overflow

Added: 01/11/2007 CVE: CVE-2007-0031 BID: 21922 OSVDB: 31258 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a speciall...

Novell NetMail NMAP STOR command buffer overflow

Added: 01/05/2007 CVE: CVE-2006-6424 BID: 21725 OSVDB: 31363 Background Novell NetMail servers include the Network Messaging Application Protocol NMAP service, which listens on port 689/TCP. Problem A buffer overflow in Novell NetMail allows remote attackers to execute arbitrary commands by sendi...

MDaemon WorldClient form2raw.cgi From buffer overflow

Added: 09/18/2006 CVE: CVE-2003-1200 BID: 9317 OSVDB: 3255 Background MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient. Problem A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cg...

TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...

MERCUR Messaging IMAP LOGIN command buffer overflow

Added: 07/10/2006 CVE: CVE-2006-1255 BID: 17138 OSVDB: 23950 Background MERCUR Messaging 2005 is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability in the IMAP service when processing the LOGIN command allows remote...

MailEnable SMTP AUTH LOGIN buffer overflow

Added: 06/30/2006 CVE: CVE-2005-1781 BID: 13772 OSVDB: 16851 Background MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services. Problem The SMTP service in MailEnable is affected by a...

BASE base_qry_common.php file include

Added: 06/23/2006 CVE: CVE-2006-2685 BID: 18298 OSVDB: 25770 Background Snort is an open-source intrusion detection system. The Basic Analysis and Security Engine BASE is a web interface for analyzing Snort results. Problem If the registerglobals PHP option is enabled, the baseqrycommon.php scrip...

Symantec real-time scan service buffer overflow

Added: 06/13/2006 CVE: CVE-2006-2630 BID: 18107 OSVDB: 25846 Background Various Symantec products include a real-time virus scan service. Problem A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands. Resolution Apply patch SYM06-010. Referenc...

IMail IMAP DELETE command buffer overflow

Added: 06/01/2006 CVE: CVE-2004-1520 BID: 11675 OSVDB: 11838 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted DELETE command. The attacker would need to...

Windows compressed folders buffer overflow

Added: 05/15/2006 CVE: CVE-2004-0575 BID: 11382 OSVDB: 10695 Background Microsoft Windows XP and Windows Server 2003 include the ability to natively handle ZIP files. Problem A buffer overflow when handling compressed folders allows command execution when a specially crafted ZIP file is opened by...

cachefsd heap overflow

Added: 04/05/2006 CVE: CVE-2002-0033 BID: 4674 OSVDB: 779 Background cachefsd is an RPC service which supports local caching of Network File Systems NFS, thereby improving performance on filesystems mounted from an NFS server. Problem A heap overflow in cachefsd allows remote command execution...

BakBone NetVault remote heap overflow

Added: 03/24/2006 CVE: CVE-2005-1009 BID: 12967 OSVDB: 15234 Background BakBone NetVault is a distributed data backup and restore solution for UNIX and Windows networks. Problem A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

IMail IMAP FETCH command buffer overflow

Added: 03/15/2006 CVE: CVE-2005-3526 BID: 17063 OSVDB: 23796 Background IMail is a mail server for Windows including SMTP, IMAP, and LDAP services. Problem A buffer overflow vulnerability in IMail allows remote authenticated attackers to execute arbitrary commands by sending a specially crafted...

Windows Plug and Play buffer overflow

Added: 03/03/2006 CVE: CVE-2005-1983 BID: 14513 OSVDB: 18605 Background The Windows Plug and Play service allows Windows operating systems to automatically detect and configure a new hardware device, such as a mouse. Problem A buffer overflow in the Plug and Play service could allow command...

Windows Media Player plugin EMBED buffer overflow

Added: 02/16/2006 CVE: CVE-2006-0005 BID: 16644 OSVDB: 23132 Background The Windows Media Player plug-in allows the processing of embedded media from inside other applications, such as web browsers. Problem A buffer overflow in the Windows Media Player plug-in allows remote command execution when...

Microsoft SQL Server 2000 resolution service buffer overflow

Added: 02/05/2006 CVE: CVE-2002-0649 BID: 5310 OSVDB: 4577 Background Microsoft SQL Server is a database server package for Windows platforms. SQL Server 2000 introduced the SQL Server Resolution Service, which runs on port 1434/UDP and identifies the port on which each SQL Server instance runs...

BrightStor ARCserve Backup agent for MS-SQL buffer overflow

Added: 12/20/2005 CVE: CVE-2005-1272 BID: 14453 OSVDB: 18501 Background BrightStor ARCserve Backup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in the backup agent for Microsoft SQL Server allows remote attackers to execute arbitrary commands. Resolution App...

Novell eDirectory iMonitor buffer overflow

Added: 11/29/2005 CVE: CVE-2005-2551 BID: 14548 OSVDB: 18703 Background iMonitor is a web service which is a component of Novell eDirectory. Problem A buffer overflow when processing long HTTP or HTTPS requests leads to remote command execution. Resolution Upgrade to eDirectory 8.7.3 IR7 or highe...

Hummingbird InetD LPD buffer overflow

Added: 11/29/2005 CVE: CVE-2005-1815 BID: 13788 OSVDB: 16957 Background Hummingbird InetD implements common UNIX services on Windows platforms. Problem The Hummingbird InetD LPD service is affected by a buffer overflow which allows remote command execution. Resolution Apply the patch. References...

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

Easy File Sharing Web Server HEAD HTTP request vulnerability

Added: 01/08/2016 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as...

FireEye MPS JAR analyzer command execution

Added: 12/28/2015 BID: 78809 Background The FireEye Malware Protection System MPS detects and eliminates malware found on file shares, web downloads, and e-mail. Problem A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...

Easy File Management Web Server UserID Cookie Handling Buffer Overflow

Added: 07/02/2014 BID: 67542 OSVDB: 107241 Background Easy File Management Web Server is a Microsoft Windows based file management application that allows remote users to upload and download files through a web browser. It also supports online editing of Word, Excel, PowerPoint and PDF documents ...

RealPlayer RMP File Version Attribute Buffer Overflow

Added: 12/27/2013 CVE: CVE-2013-6877 BID: 64398 OSVDB: 101356 Background RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page. Problem RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper...

HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal

Added: 12/18/2013 CVE: CVE-2013-4837 BID: 63475 OSVDB: 99231 Background HP LoadRunner is a software performance testing solution. Problem A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using t...

HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error

Added: 08/29/2013 CVE: CVE-2013-2370 BID: 61441 OSVDB: 95640 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control. Problem HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX...

Sami FTP Server LIST command buffer overflow

Added: 04/01/2013 BID: 58247 OSVDB: 90815 Background Sami FTP Server is an FTP server for Windows. Problem Sami FTP Server is affected by a buffer overflow vulnerability. A remote attacker could exploit this vulnerability by sending a long, specially crafted LIST command to the server, resulting ...

Foxit Reader Plugin for Firefox URL Filename Stack Buffer Overflow

Added: 01/12/2013 BID: 57174 OSVDB: 89030 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader plugin for Firefox npFoxitReaderPlugin.dll is vulnerable to remote code execution as a result of failure to check boundary conditions when processing a URL...

HP Diagnostics magentservice.exe Malformed Packet Parsing Vulnerability

Added: 10/12/2012 BID: 55159 OSVDB: 84855 Background HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments. Problem HP Diagnostics Server has a buffer overflow vulnerability in the magentservice.exe process that could allow...

Novell File Reporter NFRAgent.exe VOL tag buffer overflow

Added: 10/12/2012 BID: 55268 OSVDB: 85503 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where duplicates exist...

Novell File Reporter NFRAgent.exe VOL tag buffer overflow

Added: 10/12/2012 BID: 55268 OSVDB: 85503 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where duplicates exist...

Oracle Outside In XPM Image Processing Stack Overflow

Added: 09/10/2012 Background Oracle Outside In is a suite of software development kits that provides developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. Problem In Outside In versions 8.3.5.0 through 8.3.7, the XPM image...

HP Operations Agent Opcode 0x8c vulnerability

Added: 08/20/2012 CVE: CVE-2012-2020 BID: 54362 OSVDB: 83674 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest Intrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

Cisco Linksys PTZ Internet Video Camera PlayerPT ActiveX Overflow

Added: 04/19/2012 BID: 52673 OSVDB: 80297 Background The Cisco WVC200 Wireless-G PTZ Internet Video Camera sends live video through the Internet to a web browser anywhere in the world. Viewers can access the video stream through an HTTP service, which requires an ActiveX client to be installed in...

Tivoli Provisioning Manager Express ActiveX RunAndUploadFile vulnerability

Added: 04/13/2012 CVE: CVE-2012-0198 BID: 52252 OSVDB: 79735 Background Tivoli Provisioning Manager Express for Software Distribution is a software inventory and distribution solution. Problem A buffer overflow vulnerability in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control...

ASUS Net4Switch ipswcom.dll ActiveX Control Buffer Overflow

Added: 03/19/2012 BID: 52110 OSVDB: 79438 Background Asus manufactures computers, peripherals, computer components and network switches. Problem The Asus Net4Switch ipswcom.dll ActiveX component is vulnerable to buffer overflow as a result of failure to perform adequate boundary checks on...