buffer overflow
http://www.doomsdayhq.com
http://www.dengine.net
http://sourceforge.net/projects/deng/
Versions: <= 1.9.0-beta5.1 and current SVN
Platforms: Windows, Linux and Mac
Bugs: A] D_NetPlayerEvent global buffer-overflow using PKT_CHAT
B] Msg_Write global buffer-overflow through PKT_CHAT
C] undelimited strcpy in PKT_CHAT
D] integer overflow in PKT_CHAT
E] static buffer-overflow in NetSv_ReadCommands
F] client format string through PSV_CONSOLE_TEXT
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Authorization bypass, Buffer overflow
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34035
CVE Name: CVE-2009-0836, CVE-2009-0837
Application: libnemesi
http://live.polito.it/documentation/libnemesi
Versions: <= 0.6.4-rc1
Platforms: *nix
Bugs: A] buffer-overflow in handle_rtsp_pkt
B] buffer-overflow in the send_*_request functions
C] buffer-overflow in get_transport_str_*
Exploitation: remote
Date: 27 Dec 2007
Author: Luigi Auriemma
//################################################
//
//Vulnerability: Remote Buffer Overflow Exploit
//Impact: Remote Denial of Service Attack
//Vulnerable Application: TFTP Daemon Version 1.9
//Tested on Windows XP Service Pack II
//
//Author: Socket_0x03
//Contact: Socket_0x03@teraexe.com
//Website: www.teraexe.com
The last exploit (http://www.securityfocus.com/archive/1/508581) had a mistake in its instructions (usage). Now, it works perfectly:
//################################################
//
//Vulnerability: Remote Buffer Overflow Exploit
//Impact: Remote Denial of Service Attack
//Vulnerable Application: TFTP Daemon Version 1.9
//Tested on Windows XP Service Pack II
//
//Author: Socket_0x03
======================================================================
Secunia Research 25/08/2008
- Novell iPrint Client ActiveX Control Multiple Buffer Overflows -
======================================================================
Table of Contents
Affected Software
1. *Advisory Information*
Title: Novell iManager Multiple Vulnerabilities
Advisory Id: CORE-2010-0316
Advisory URL: http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities
Date published: 2010-06-23
Date of last update: 2010-06-23
Vendors contacted: Novell
Release mode: User release
[*] Version : 1.0
[*] Vendor : George Fesalides
[*] URL : http://sourceforge.net/projects/somplmp3/files/
[*] URL2 : http://www.softpedia.com/progDownload/SOMPL-Download-144999.html
[*] Platform : Windows
[*] Type of vulnerability : Buffer Overflow
[*] Risk rating : Medium
[*] Issue fixed in version : ???
[*] Vulnerability discovered by : Rick2600
[*] Greetings to : corelanc0d3r, EdiStrosar, mr_me, ekse, MarkoT, sinn3r
2. *Vulnerability Information*
Class: Stack-based Buffer Overflow [CWE-121], Stack-based Buffer Overflow [CWE-121]
Impact: Code execution
Remotely Exploitable: Yes (client-side)
Locally Exploitable: No
CVE Name: CVE-2010-3269, CVE-2010-3270
~ Core Security Technologies - CoreLabs Advisory
~ http://www.coresecurity.com/corelabs/
~ Anzio Web Print Object Buffer Overflow
*Advisory Information*
Title: Anzio Web Print Object Buffer Overflow
A NULL pointer dereference flaw in the JBIG2 decoder allows remote
attackers to cause denial of service (crash) via a crafted PDF file
(CVE-2009-1181).
Multiple buffer overflows in the JBIG2 MMR decoder allows remote
attackers to cause denial of service or to execute arbitrary code
via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).
An integer overflow in the JBIG2 decoding feature allows remote
attackers to cause a denial of service (crash) and possibly execute
1. *Advisory Information*
Title: Amaya web editor XML and HTML parser vulnerabilities
Advisory ID: CORE-2008-1211
Advisory URL: http://www.coresecurity.com/content/amaya-buffer-overflows
Date published: 2009-01-28
Date of last update: 2009-01-26
Vendors contacted: INRIA
Release mode: Coordinated release
SCCP and SIP-Related Vulnerabilities
* DNS Response Parsing Overflow
Cisco Unified IP Phone 7940, 7940G, 7960 and 7960G devices
running SCCP and SIP firmware contain a buffer overflow
vulnerability in the handling of DNS responses. A
specially-crafted DNS response may be able to trigger a buffer
overflow and execute arbitrary code on a vulnerable phone. This
vulnerability is corrected in SCCP firmware version 8.0(8) and
SIP firmware version 8.8(0). This vulnerability is documented in
Application: WinCom LPD Total - Line Printer Daemon
http://clientsoftware.com.au/lpd.html
Versions: <= 3.0.2.623
Platforms: Windows
Bugs: A] buffer-overflow in control filename
B] remote administration bypassing
C] integer memcpy crash in remote administration
D] buffer-overflow in remote administration
Exploitation: remote
Date: 04 Feb 2008
Application: Now SMS/MMS Gateway
http://www.nowsms.com
Versions: <= v2007.06.27
Platforms: Windows
Bugs: A] web authorization buffer-overflow
B] SMPP buffer-overflow
Exploitation: remote
Date: 19 Feb 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
Application: Georgia SoftWorks SSH2 Server (GSW_SSHD)
http://www.georgiasoftworks.com/prod_ssh2/ssh2_server.htm
Versions: <= 7.01.0003
Platforms: Windows
Bugs: A] format string in the log function
B] buffer-overflow in the log function
C] buffer-overflow in the handling of the password
Exploitation: remote
Date: 02 Jan 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
Application: yaSSL
http://www.yassl.com
Versions: <= 1.7.5
Platforms: Windows and *nix
Bugs: A] buffer-overflow in ProcessOldClientHello
B] buffer-overflow in "input_buffer& operator>>"
C] invalid memory access in HASHwithTransform::Update
Exploitation: remote
Date: 04 Jan 2008
Author: Luigi Auriemma
Application: Feng
http://live.polito.it/documentation/feng
Versions: <= 0.1.15
Platforms: *nix
Bugs: A] first buffer-overflow in RTSP_valid_response_msg
B] second buffer-overflow in RTSP_valid_response_msg
C] crash in RTSP_remove_msg
D] NULL pointer in parse_transport_header
E] NULL pointer in parse_play_time_range
F] NULL pointer in log_user_agent
Application: FSD
http://www.mcdu.com/en/download.php
Versions: <= "V2.052 d9" (original FSD) and "V3.000 d9" (FSFDT FSD)
Platforms: Windows and *nix
Bugs: A] buffer-overflow in exechelp
B] buffer-overflow in execmulticast
Exploitation: remote
Date: 01 Oct 2007
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
Application: Live for Speed
http://www.lfs.net
Versions: <= 0.5X10
Platforms: Windows
Bugs: A] nickname buffer-overflow
B] partial track buffer-overflow
C] NULL pointer access in internet/hidden S1/S2 servers
D] memcpy() NULL pointer in internet/hidden S1/S2 servers
Exploitation: remote, versus server
A] demo/S1/S2 in-game
Application: Toribash
http://www.toribash.com
Versions: <= 2.71
Platforms: Windows, Mac and Linux
Bugs: A] dedicated server format string
B] client commands buffer-overflow
C] client unicode buffer-overflow in the SAY command
D] server crash through uninitialized values
E] line-feed dropping
F] Windows dedicated server hell bell
G] clients kicked by malformed packet
~ Core Security Technologies - CoreLabs Advisory
~ http://www.coresecurity.com/corelabs
~ CORE FORCE Kernel Buffer Overflow
*Advisory Information*
Title: CORE FORCE Kernel Buffer Overflow
> and run the filemon with the filter as smc.exe. Whenever it tries to
> access the smcgui.exe, there is a "Buffer Overflow" detected. As I have
> said at Bugtraq as well, I am not sure if the buffer overflow has happened
> or been averted, but it's all very interesting.
Team Vexillium
Security Advisory
http://vexillium.org/
Name : Gadu-Gadu
Class : Buffer Overflow
Threat level : VERY HIGH
Discovered : 2007-11-10
Published : 2007-11-22
Credit : j00ru//vx
Vulnerable : Gadu-Gadu 7.7 [Build 3669], prior versions may also be affected.
#=cicatriz <c1c4tr1z@voodoo-labs.org>=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(advisories)=#
/) /) /)
_ _ _______(/ ________ // _ (/_ _ _____ _
(/__(_)(_)(_(_(_)(_) (/_(_(_/_) /_)_ o (_)/ (_(_/_
.-/
#=Amaya 11.1 XHTML Parser Buffer Overflow=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~(_/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=Advisory & Vulnerability Information=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
Title: Amaya 11.1 XHTML Parser Buffer Overflow
Advisory ID: VUDO-2009-0104
# IpSwitch WS_FTP SERVER with SSH remote Buffer Overflow
#
# Website: http://www.wsftp.com/products/ws_ftp_server/
#
# Version: 6.1.0.0 (last one, others might be vuln too)
#
# Bug: Remote Buffer Overflow (CD)
#
# (8e8.a78): Access violation - code c0000005 (first chance)
# First chance exceptions are reported before any exception handling.
First of all, to make a polymorphic code we have to be sure we have all the
requirements to achieve the concept that a polymorphic code must be
unpredictable, and that means random. I chose MS02-039[1], because I have
all the requirements for this proof of concept:
1. Microsoft Windows Buffer Overflow[2];
2. Buffer to overflow is not too big;
3. More than just one Return Address[3];
4. Incredibly high number of writable addresses only in SQLSORT.DLL[4].
-----Original Message-----
From: Rainer Link (ADM-EU)
Sent: Thursday, February 28, 2008 5:48 AM
To: Vulnerability Claim
Subject: WG: Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products
Please take care of it ASAP - please check if other products are affected as well.
Thank you.