buffer overflow
Team Vexillium
Security Advisory
http://vexillium.org/
Name : Gadu-Gadu
Class : Buffer Overflow
Threat level : VERY HIGH
Discovered : 2007-11-10
Published : 2007-11-22
Credit : j00ru//vx
Vulnerable : Gadu-Gadu 7.7 [Build 3669], prior versions may also be affected.
> and run the filemon with the filter as smc.exe, whenever it tries to
> access the smcgui.exe. There is a "Buffer Overflow" detected. As I have
> said at bugtrax as well, I am not sure if the buffer overflow has happened
> or averted but it's all very interesting.
~ Core Security Technologies - CoreLabs Advisory
~ http://www.coresecurity.com/corelabs
~ CORE FORCE Kernel Buffer Overflow
*Advisory Information*
Title: CORE FORCE Kernel Buffer Overflow
Title:
======
Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability
Date:
=====
2012-03-08
Several vulnerabilities have been identified in GIMP, the GNU Image
Manipulation Program.
CVE-2010-4540
Stack-based buffer overflow in the load_preset_response
function in plug-ins/lighting/lighting-ui.c in the "LIGHTING
EFFECTS > LIGHT" plugin allows user-assisted remote attackers
to cause a denial of service (application crash) or possibly
execute arbitrary code via a long Position field in a plugin
configuration file.
-----Original Message-----
From: Rainer Link (ADM-EU)
Sent: Thursday, February 28, 2008 5:48 AM
To: Vulnerability Claim
Subject: WG: Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products
Please take care of it ASAP - please check if other products are affected as well.
Thank you.
Application: Extended Module Player (XMP)
http://xmp.sourceforge.net
Versions: <= 2.5.1
Platforms: Linux, BSD, Solaris, HP-UX, MacOS X, QNX, BeOS, Windows,
OS/2 and AmigaOS
Bugs: A] buffer-overflow in test_oxm / decrunch_oxm
B] buffer-overflow in dtt_load
Exploitation: local
Date: 27 Dec 2007
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
======================================================================
Secunia Research 13/05/2010
- Free Download Manager Four Buffer Overflow Vulnerabilities -
======================================================================
Vendor acknowledgment date: 12/2/2010
Vendor provided fix: No fix provided
Release coordinated with the vendor: N/A
Public disclosure date: 12/10/2010
Type of vulnerability: Denial of Service, Buffer Overflow
Exploit Vectors: Local and Remote
Vulnerability Description: The application is vulnerable to a Denial of Service (DoS) condition due to a buffer overflow encountered when an attacker sends a specially crafted UDP packet to either port 514/UDP or port 513/UDP of the Syslog server. The DoS condition is experienced as a result of sending a large amount of data in the Syslog PRI message header field. The length of data sent to the field causes the application to stop responding and terminates the “SysEvttCol.exe” process on the affected target.
Tested on: Windows XP, SP1, with EventLog Analyzer version 6.1 default installation.
______________________________________________________________________
-------------------------- NSOADV-2010-006 ---------------------------
Authentium Command Free Scan ActiveX Control buffer overflow
______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been found and corrected in poppler:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
Title:
======
Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability
Date:
=====
2012-02-11
http://localhost/index.html.
###########[Buffer Overflow]#####################
A buffer overflow exists if we supply more than ~5400 characters to the root directory. A similar issue was reported
in version 2.01 of this software: http://www.securityfocus.com/bid/20250 (/cgi-bin/AAAA..)
PoC:
Microsoft FTP Client Multiple Buffer Overflow Vulnerability
#####################################################################
XDisclose Advisory : XD100096
Vulnerability Discovered: November 20th 2007
Advisory Reported : November 28th 2007
Credit : Rajesh Sethumadhavan
[Bkis-11-2009] ProShow Gold Buffer Overflow Vulnerabilities
1. General Information
ProShow Gold is software that lets you easily create photo and video
slide shows on DVD, PC and Web. Bkis has recently detected
vulnerabilities in the software related to the processing of ProShow
Slideshow project files (".psh"). These vulnerabilities permit attackers
to execute malicious code on users' systems.
Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Oracle Secure Backup
Summary:
========
A buffer overflow vulnerability exists in Oracle Secure Backup 10.2.0.2 and is triggered through a malformed NDMP packet.
#
#############################################################
#
# Product: IP Softphone
# Vendor: Nortel
# Subject: UNIStim IP Softphone Buffer-Overflow
# Risk: High
# Effect: Currently not exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch
# Date: October, 18th 2007
#
Problem Description:
Multiple vulnerabilities have been discovered and fixed in tetex:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow
1. *Advisory Information*
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Microsoft Office Visio DXF File Insertion Buffer Overflow
1. *Advisory Information*
#
# Bugs :
#
# 1) Multiple remote denial of service (CWD,DELE,MKD,RMD,RETR,RNFR,RNTO,SIZE,STOR)
#
# 2) Remote buffer overflow (Logs)
#
# Remote Denial of service:
# APPE A => server gone
#
# CWD AA => server gone
_________________________________________
Title: Symantec ConsoleUtilities ActiveX Control
Buffer Overflow
Severity: Critical
Advisory ID: NSOADV-2009-001
Found Date: 09.09.2009
Date Reported: 15.09.2009
Release Date: 02.11.2009
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 08.01.2010
Multiple vulnerabilities have been found and corrected in xpdf:
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,
A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code by using a crafted PDF file (CVE-2007-6725).
Buffer overflow in Ghostscript's BaseFont writer module allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code via a crafted PostScript file (CVE-2008-6679).
Multiple integer overflows in Ghostscript's International Color
Consortium Format Library (icclib) allow attackers to cause denial
Multiple integer overflows in the XInitImage function in xwd.c for
GraphicsMagick allow user-assisted remote attackers to cause a
denial of service (crash) or obtain sensitive information via
crafted images with large or negative values that trigger a
buffer overflow. It only affects the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
CVE-2007-1667
Multiple integer overflows in the XInitImage function in xwd.c for
ImageMagick allow user-assisted remote attackers to cause a denial of
service (crash) or obtain sensitive information via crafted images with
large or negative values that trigger a buffer overflow. It only affects
the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
Node Manager, which can be exploited by malicious people to compromise
a vulnerable system.
1) Various boundary errors in the OpenView5.exe CGI application when
processing parameters can be exploited to cause stack-based buffer
overflows via HTTP requests to the CGI application with overly long
parameter strings.
2) A boundary error in ov.dll can be exploited to cause a stack-based
buffer overflow by e.g. sending an HTTP request to the OpenView5.exe
CGI application with an overly long parameter string.