buffer overflows
#=cicatriz <c1c4tr1z@voodoo-labs.org>=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(advisories)=#
/) /) /)
_ _ _______(/ ________ // _ (/_ _ _____ _
(/__(_)(_)(_(_(_)(_) (/_(_(_/_) /_)_ o (_)/ (_(_/_
.-/
#=Amaya 11.1 XHTML Parser Buffer Overflow=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~(_/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=Advisory & Vulnerability Information=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
Title: Amaya 11.1 XHTML Parser Buffer Overflow
Advisory ID: VUDO-2009-0104
Team Vexillium
Security Advisory
http://vexillium.org/
Name : Gadu-Gadu
Class : Buffer Overflow
Threat level : VERY HIGH
Discovered : 2007-11-10
Published : 2007-11-22
Credit : j00ru//vx
Vulnerable : Gadu-Gadu 7.7 [Build 3669], prior versions may also be affected.
Problem Description:
Multiple vulnerabilities have been discovered and fixed in tetex:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
#IpSwitch WS_FTPSERVER with SSH remote Buffer Overflow
#
# Website:http://www.wsftp.com/products/ws_ftp_server/
#
# Version:6.1.0.0 ( last one,others might be vuln too )
#
# Bug: Remote Buffer Overflow ( CD)
#
# (8e8.a78): Access violation - code c0000005 (first chance)
# First chance exceptions are reported before any exception handling.
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
HP OpenView Buffer Overflows
1. *Advisory Information*
Title: HP OpenView Buffer Overflows
Node Manager, which can be exploited by malicious people to compromise
a vulnerable system.
1) Various boundary errors in the OpenView5.exe CGI application when
processing parameters can be exploited to cause stack-based buffer
overflows via HTTP requests to the CGI application with overly long
parameter strings.
2) A boundary error in ov.dll can be exploited to cause a stack-based
buffer overflow by e.g. sending a HTTP request to the OpenView5.exe
CGI application with an overly long parameter string.
======================================================================
Secunia Research 08/04/2008
- Lotus Notes htmsr.dll Buffer Overflows -
======================================================================
Table of Contents
Affected Software
======================================================================
Secunia Research 08/04/2008
- Lotus Notes EML Reader Buffer Overflows -
======================================================================
Table of Contents
Affected Software
======================================================================
Secunia Research 08/04/2008
- Autonomy Keyview EML Reader Buffer Overflows -
======================================================================
Table of Contents
Affected Software
http://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mplayer
Vulnerability : buffer overflows
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-0485 CVE-2008-0486 CVE-2008-0629 CVE-2008-0630
Several buffer overflows have been discovered in the MPlayer movie player,
Affected: 2007.1, 2008.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Heap-based buffer overflow in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote
attackers to execute arbitrary code via the SDP Abstract attribute,
related to the rmff_dump_header function and related to disregarding
the max field. Although originally a xine-lib issue, also affects
MPlayer due to code similarity. (CVE-2008-0225)
Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
iDefense Security Advisory 08.21.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 21, 2007
I. BACKGROUND
Trend Micro Inc.'s ServerProtect is an anti-virus software for Microsoft
Windows and Novell NetWare servers. It enables network administrators to
-----Original Message-----
From: Rainer Link (ADM-EU)
Sent: Thursday, February 28, 2008 5:48 AM
To: Vulnerability Claim
Subject: WG: Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products
Please take care of it ASAP - please check if other products are affected as well.
Thank you.
Application: Extended Module Player (XMP)
http://xmp.sourceforge.net
Versions: <= 2.5.1
Platforms: Linux, BSD, Solaris, HP-UX, MacOS X, QNX, BeOS, Windows,
OS/2 and AmigaOS
Bugs: A] buffer-overflow in test_oxm / decrunch_oxm
B] buffer-overflow in dtt_load
Exploitation: local
Date: 27 Dec 2007
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
Microsoft FTP Client Multiple Bufferoverflow
Vulnerability
#####################################################################
XDisclose Advisory : XD100096
Vulnerability Discovered: November 20th 2007
Advisory Reported : November 28th 2007
Credit : Rajesh Sethumadhavan
http://localhost/index.html.
###########[Buffer Overflow]#####################
A buffer overflow exists if we supply more than 5400~ characters to the root directory. A similar thing was reported
in version 2.01 of this software: http://www.securityfocus.com/bid/20250 (/cgi-bin/AAAA..)
PoC:
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Microsoft Office Visio DXF File Insertion Buffer Overflow
1. *Advisory Information*
[Bkis-11-2009] ProShow Gold Buffer Overflow Vulnerabilities
1. General Information
ProShow Gold is software that allows you to easily create photo and video
slide shows on DVD, PC and Web. Recently, Bkis has just detected
vulnerabilities in the software related to the processing of ProShow
Slideshow’s project files (“.psh”). This vulnerability permits hackers
to execute malicious code on users’ systems.
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow
1. *Advisory Information*
#
#############################################################
#
# Product: IP Softphone
# Vendor: Nortel
# Subject: UNIStim IP Softphone Buffer-Overflow
# Risk: High
# Effect: Currently not exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch
# Date: October, 18th 2007
#
2. *Vulnerability Information*
Class: Buffer Overflow [CWE-119]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-0615
and run the filemon with the filter as smc.exe. Whenever it tries to access
the smcgui.exe, there is a "Buffer Overflow" detected. As I have said at
bugtrax as well, I am not sure if the buffer overflow has happened or
been averted, but it's all very interesting.
======================================================================
Secunia Research 13/05/2010
- Free Download Manager Four Buffer Overflow Vulnerabilities -
======================================================================
Table of Contents
Affected Software
Vendor acknowledgment date: 12/2/2010
Vendor provided fix: No fix provided
Release coordinated with the vendor: N/A
Public disclosure date: 12/10/2010
Type of vulnerability: Denial of Service, Buffer Overflow
Exploit Vectors: Local and Remote
Vulnerability Description: The application is vulnerable to a Denial of Service (DoS) condition due to a buffer overflow encountered when an attacker sends a specially crafted UDP packet to either port 514/UDP or port 513/UDP of the Syslog server. The DoS condition is experienced as a result of sending a large amount of data in the Syslog PRI message header field. The length of data sent to the field causes the application to stop responding and terminates the “SysEvttCol.exe” process on the affected target.
Tested on: Windows XP, SP1, with EventLog Analyzer version 6.1 default installation.
#
# Bugs :
#
# 1) Multiple remote denial of service (CWD,DELE,MKD,RMD,RETR,RNFR,RNTO,SIZE,STOR)
#
# 2)Remote Buffer overflow (Logs)
#
# Remote Denial of service:
# APPE A => server gone
#
# CWD AA => server gone
______________________________________________________________________
-------------------------- NSOADV-2010-006 ---------------------------
Authentium Command Free Scan ActiveX Control buffer overflow
______________________________________________________________________
______________________________________________________________________
Title:
======
Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability
Date:
=====
2012-02-11
Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Oracle Secure Backup
Summary:
========
A Buffer Overflow vulnerability exists in Oracle Secure Backup 10.2.0.2 through a malformed NDMP packet.
_________________________________________
_________________________________________
Title: Symantec ConsoleUtilities ActiveX Control
Buffer Overflow
Severity: Critical
Advisory ID: NSOADV-2009-001
Found Date: 09.09.2009
Date Reported: 15.09.2009
Release Date: 02.11.2009
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 08.01.2010