TweakFS Zip Utility for FSX filename buffer overflow

Added: 06/24/2010 CVE: CVE-2010-1458 BID: 39565 OSVDB: 63899 Background The TweakFS Zip Utility is included in the TweakFS Flight Simulator X Utilities. Problem A buffer overflow vulnerability in the TweakFS Zip Utility allows command execution when a user opens a ZIP archive containing a long,...

ReGet Deluxe .wjr file SaveTo attribute buffer overflow

Added: 05/14/2010 BID: 37511 Background ReGet Deluxe is a download manager for Windows. Problem A buffer overflow vulnerability allows command execution when a user opens a .wjr file containing a Download tag with a specially crafted SaveTo attribute. Resolution Do not open untrusted .wjr files...

Orbital Viewer buffer overflow

Added: 03/24/2010 CVE: CVE-2010-0688 BID: 38436 OSVDB: 62580 Background Orbital Viewer is a program for viewing atomic and molecular orbitals. Problem A buffer overflow vulnerability in Orbital Viewer allows command execution when a user opens a specially crafted .orb file. Resolution Do not open...

PHP Remote File Inclusion

Added: 01/28/2010 Background PHP scripts support the include and require statements, which cause an outside script to be run within the calling script. The included script can be a local file or, in some configurations, the URL of a remote file. Problem The PHP script is vulnerable to a remote fi...

Serv-U Web Client session cookie handling buffer overflow

Added: 11/08/2009 BID: 36895 OSVDB: 59772 Background Serv-U is an FTP server for Windows platforms. The Serv-U Web Client component provides a browser-based interface to Serv-U. Problem A buffer overflow in the Serv-U Web Client allows remote attackers to execute arbitrary code when overly long...

IBM Installation Manager iim URI Handling Code Execution

Added: 10/16/2009 CVE: CVE-2009-3518 BID: 36549 OSVDB: 58420 Background IBM Installation Manager IIM is a software tool that helps to install, update, modify, and uninstall packages. Problem When IIM is installed it registers the application IBMIM.exe as the iim:// scheme handler, so when an iim:...

Mozilla Firefox PKCS11 Module Installation Code Execution

Added: 09/24/2009 CVE: CVE-2009-3076 BID: 36343 OSVDB: 57977 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem The warning dialog displayed when adding or removing security modules via pkcs11.addmodule or pkcs11.deletemodule can be customized by a...

Password Hash Grabber

Added: 05/27/2009 Background This tool grabs the windows SAM file or password hashes of the target. The SAM file / password hashes can be viewed in the exploit tools previous results section. Results may be used with third party programs to obtain passwords in plain text. Limitations Password Has...

IBM Access Support ActiveX GetXMLValue buffer overflow

Added: 04/01/2009 CVE: CVE-2009-0215 BID: 34228 OSVDB: 52958 Background The IBM Access Support ActiveX control is used to collect system information. It comes with certain IBM and Lenovo computer systems. Problem A buffer overflow vulnerability allows command execution when a user loads a page...

HP OpenView Network Node Manager OpenView5.exe buffer overflow

Added: 03/23/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in the OpenView5.exe CGI program allows remote attackers to execute arbitrary commands. Resolution Apply...

Fujitsu SystemcastWizard Lite PXE service buffer overflow

Added: 03/03/2009 CVE: CVE-2009-0270 BID: 33342 OSVDB: 51486 Background SystemcastWizard Lite is support software for the setup of Primequest systems. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted datagram to the...

LPViewer ActiveX Control url property buffer overflow

Added: 11/21/2008 CVE: CVE-2008-4384 BID: 31604 OSVDB: 48946 Background The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software. Problem A buffer overflow vulnerability allows command execution when a user opens a w...

Adobe PageMaker key strings buffer overflow

Added: 11/10/2008 CVE: CVE-2007-6432 BID: 31999 OSVDB: 50055 Background Adobe PageMaker is page layout software. Problem A buffer overflow vulnerability in AldFs32.dll allows command execution when a user opens a specially crafted PMD file. Resolution See the solution referenced in APSA08-10...

Cyrus IMAP pop3d popsubfolders buffer overflow

Added: 10/30/2008 CVE: CVE-2006-2502 BID: 18056 OSVDB: 25853 Background Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The popsubfolders configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in. Problem When the popsubfolders...

WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow

Added: 08/22/2008 CVE: CVE-2008-3558 BID: 30578 OSVDB: 47344 Background The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting. Problem A buffer overflow vulnerability in the atucfobj.dll ActiveX control allows command execution when a user loads a web page whi...

WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow

Added: 08/22/2008 CVE: CVE-2008-3558 BID: 30578 OSVDB: 47344 Background The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting. Problem A buffer overflow vulnerability in the atucfobj.dll ActiveX control allows command execution when a user loads a web page whi...

Alt-N SecurityGateway username buffer overflow

Added: 07/18/2008 CVE: CVE-2008-4193 BID: 29457 OSVDB: 45854 Background Alt-N SecurityGateway is an e-mail spam firewall for Exchange and SMTP servers. Problem A buffer overflow vulnerability in the web administration interface allows remote attackers to execute arbitrary commands by sending an...

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

HP Software Update HPeDiag ActiveX Control GetXmlFromIni buffer overflow

Added: 05/22/2008 CVE: CVE-2008-0712 BID: 28929 OSVDB: 44662 Background HP Software Update is shipped with various kinds of HP computers to keep HP software up to date. Problem A buffer overflow in the GetXmlFromIni method of the HPeDiag ActiveX control allows command execution when a user loads ...

CA ARCserve Backup for Laptops and Desktops LGServer service code execution

Added: 05/07/2008 CVE: CVE-2008-1328 BID: 28616 OSVDB: 44320 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in BrightStor ARCserve Backup for...

Borland StarTeam Multicast Service parse_request buffer overflow

Added: 04/25/2008 CVE: CVE-2008-0311 BID: 28602 OSVDB: 44039 Background Borland StarTeam is a software change and configuration management system. Problem A buffer overflow vulnerability in the PGMWebHandler::parserequest function in the StarTeam Multicast Service allows remote attackers to execu...

RealNetworks Helix Server RTSP Proxy-Require heap overflow

Added: 03/18/2008 CVE: CVE-2008-5911 BID: 33059 Background RealNetworks Helix Server is a media server supporting multiple formats and platforms. Problem A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted Proxy-Require header i...

Veritas Storage Foundation Administrator service buffer overflow

Added: 03/03/2008 CVE: CVE-2008-0638 BID: 25778 OSVDB: 41978 Background Veritas Storage Foundation is an online storage management solution. An Administrator service, implemented by vxsvc.exe , listens on port 3207 by default. Problem A buffer overflow vulnerability in the Administrator service...

Microsoft Jet Engine MDB file ColumnName buffer overflow

Added: 11/23/2007 CVE: CVE-2007-6026 BID: 26468 OSVDB: 44880 Background The Microsoft Jet Database Engine provides data access functionality for a number of applications. Problem A buffer overflow vulnerability in the Microsoft Jet Database Engine could lead to command execution when a user opens...

Microsoft Visual Studio PDWizard.ocx ActiveX vulnerability

Added: 09/30/2007 CVE: CVE-2007-4891 BID: 25638 OSVDB: 37106 Background Microsoft Visual Studio is a product for facilitating software development on Windows operating systems. Problem ActiveX controls contained in the PDWizard.ocx file in Microsoft Visual Studio 6.0 expose the StartProcess metho...

CA Antivirus engine CAB handling buffer overflow

Added: 06/07/2007 CVE: CVE-2007-2864 BID: 24330 OSVDB: 35245 Background The CA Antivirus engine is included in multiple CA products. Problem A buffer overflow vulnerability in the CA Antivirus engine allows command execution when a CAB file containing a specially crafted "coffFiles" field is...

CA Console Server username buffer overflow

Added: 05/25/2007 CVE: CVE-2007-2522 BID: 23906 OSVDB: 34585 Background Multiple CA products include the inoweb Console Server which listens for connections on port 12168/TCP. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, speciall...

BrightStor ARCserve Message Engine opnum 0x2f buffer overflow

Added: 01/19/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31318 Background The BrightStor ARCserve Backup server runs the Message Engine RPC service on ports 6503/TCP and 6504/TCP by default. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary command...

Microsoft Message Queuing buffer overflow

Added: 10/06/2006 CVE: CVE-2005-0059 BID: 13112 OSVDB: 15458 Background Microsoft Message Queuing allows applications which may be running at different times to communicate across a network. Problem A buffer overflow in Microsoft Message Queuing allows remote attackers to execute arbitrary...

WS_FTP XCRC buffer overflow

Added: 09/22/2006 CVE: CVE-2006-4847 BID: 20076 OSVDB: 28939 Background WSFTP Server is an FTP server for Windows platforms. Problem Buffer overflows in multiple FTP commands allow an authenticated attacker to execute arbitrary commands. Resolution Upgrade to WSFTP Server 5.05 Hotfix 1. Reference...

McAfee Subscription Manager ActiveX buffer overflow

Added: 08/25/2006 CVE: CVE-2006-3961 BID: 19265 OSVDB: 27698 Background McAfee Antivirus products access the McAfee Security Center product which allows users to set preferences and settings for numerous installed McAfee components and services. The Security Center includes a Subscription Manager...

BrightStor ARCserve Universal Agent buffer overflow

Added: 08/07/2006 CVE: CVE-2005-1018 BID: 13102 OSVDB: 15471 Background The BrightStor ARCserve Backup family of products includes a Universal Agent which listens for connections on port 6050/TCP. Problem A buffer overflow in the Universal Agent allows remote attackers to execute arbitrary comman...

CS-MARS JBoss jmx-console access

Added: 07/26/2006 CVE: CVE-2006-3733 BID: 19075 OSVDB: 27419 Background The Cisco Security Monitoring, Analysis, and Response System CS-MARS recognizes and correlates network attacks. Problem CS-MARS includes the JBoss web application server with insufficient access control to the jmx-console...

IMail LDAP buffer overflow

Added: 07/06/2006 CVE: CVE-2004-0297 BID: 9682 OSVDB: 3984 Background IMail is an e-mail server for Windows platforms. It includes a service which implements the Lightweight Directory Access Protocol LDAP. Problem A buffer overflow in IMail's LDAP service allows a remote attacker to overwrite the...

BASE base_qry_common.php file include

Added: 06/23/2006 CVE: CVE-2006-2685 BID: 18298 OSVDB: 25770 Background Snort is an open-source intrusion detection system. The Basic Analysis and Security Engine BASE is a web interface for analyzing Snort results. Problem If the registerglobals PHP option is enabled, the baseqrycommon.php scrip...

Symantec real-time scan service buffer overflow

Added: 06/13/2006 CVE: CVE-2006-2630 BID: 18107 OSVDB: 25846 Background Various Symantec products include a real-time virus scan service. Problem A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands. Resolution Apply patch SYM06-010. Referenc...

Cyrus IMAP pop3d popsubfolders buffer overflow

Added: 06/12/2006 CVE: CVE-2006-2502 BID: 18056 OSVDB: 25853 Background Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The popsubfolders configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in. Problem When the popsubfolders...

Cyrus IMAP pop3d popsubfolders buffer overflow

Added: 06/12/2006 CVE: CVE-2006-2502 BID: 18056 OSVDB: 25853 Background Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The popsubfolders configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in. Problem When the popsubfolders...

IMail IMAP DELETE command buffer overflow

Added: 06/01/2006 CVE: CVE-2004-1520 BID: 11675 OSVDB: 11838 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted DELETE command. The attacker would need to...

TWiki revision control shell command injection

Added: 04/06/2006 CVE: CVE-2005-2877 BID: 14834 OSVDB: 19403 Background TWiki is a web-based collaboration platform written in PERL. Problem The revision control function in TWiki does not sufficiently check the rev parameter before using it in a shell command call. This allows remote attackers t...

Winamp playlist file buffer overflow

Added: 01/31/2006 CVE: CVE-2006-0476 BID: 16410 OSVDB: 22789 Background Winamp is a media player for Windows. Problem A buffer overflow in Winamp allows code execution when a specially crafted playlist file is opened. Resolution Upgrade to Winamp 5.13 or higher. References Limitations Exploit...

IMail IMAP LOGIN special character vulnerability

Added: 01/04/2006 CVE: CVE-2005-1255 BID: 13727 OSVDB: 16804 Background IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, a web interface, and web calendaring. Problem A remote attacker could execute arbitrary commands by sending a long specially crafte...

VERITAS NetBackup Java Administration Console format string vulnerability

Added: 11/30/2005 CVE: CVE-2005-2715 BID: 15079 OSVDB: 19949 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The bpjava-msvc component of the Java Administration Console in Veritas NetBackup 4.5 through 6.0 is affected by a format string vulnerabilit...

WP Symposium Plugin for WordPress Arbitrary File Upload

Added: 01/29/2015 BID: 71686 OSVDB: 116046 Background WP Symposium is a social network plugin for WordPress. Problem WP Symposium Plugin for WordPress contains a vulnerability that allows a remote attacker to execute arbitrary PHP code. This vulnerability is due to the...

XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014 BID: 52483 OSVDB: 80096 Background Some Xerox Multifunction Printers MFP utilize Dynamic Loadable Modules DLM for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100. Problem Multiple Xerox products are...

HP LeftHand Virtual SAN Appliance Hydra Service Login Buffer Overflow

Added: 08/20/2013 CVE: CVE-2013-2343 BID: 60884 OSVDB: 94701 Background HP LeftHand Virtual SAN Appliance VSA software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware. Problem HP LeftHa...

Novell NetIQ Privileged User Manager Security Bypass

Added: 12/03/2012 BID: 56539 OSVDB: 87334 Background Novell NetIQ Privileged User Manager NPUM allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest Intrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

Screen Capture

Added: 04/18/2012 Background This tool captures the screen of a remote target. Limitations An existing connection to the remote target is required. For Unix and Linux systems, the xwd utility must be present on the remote target. Platforms Windows Linux Unix...

Dell Webcam Software ActiveX Control CrazyTalk4Native.dll Buffer Overflow

Added: 03/23/2012 BID: 52571 OSVDB: 80205 Background Dell Webcam center was written by Creative and branded by Dell. It includes features to control the Dell laptop's integrated webcam, providing photo capture and video recording capability. It comes bundled with Creative Livecam, which provides...