[CLOSE] OSVDB ID : 67713 - Disclosed: 2010-08-20

Description:

(Description Provided by CVE) : Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

[CLOSE] OSVDB ID : 67711 - Disclosed: 2010-08-20

Description:

(Description Provided by CVE) : Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007.

[CLOSE] OSVDB ID : 42166 - Disclosed: 2007-11-12

Description:

(Description Provided by CVE) : Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.

[CLOSE] OSVDB ID : 37889 - Disclosed: 2007-07-09

Description:

(Description Provided by CVE) : The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.

[CLOSE] OSVDB ID : 58263 - Disclosed: 2009-09-21

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file.

[CLOSE] OSVDB ID : 13692 - Disclosed: 2000-06-27

Description:

(Description Provided by CVE) : Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remote attackers to execute arbitrary commands via long USER, PASS, LIST, RETR, or DELE commands.

[CLOSE] OSVDB ID : 82488 - Disclosed: 2012-05-27

Description:

WinRadius Server contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to validate input passed via the password field, and will result in loss of availability for the system when a remote attacker supplies a password with more than 240 characters.

[CLOSE] OSVDB ID : 22363 - Disclosed: 2005-12-21

Description:

(Description Provided by CVE) : Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE.

[CLOSE] OSVDB ID : 43439 - Disclosed: 2008-03-17

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.

[CLOSE] OSVDB ID : 20402 - Disclosed: 2005-10-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18942 - Disclosed: 2004-09-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12550 - Disclosed: 2004-12-22

Description:

A local overflow exists in WinRar. WinRar fails to properly validate data resulting in a buffer overflow. When a user deletes a specific file from a specially crafted zip file, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 22364 - Disclosed: 2006-01-03

Description:

(Description Provided by CVE) : Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to specify a command-line argument for this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.

[CLOSE] OSVDB ID : 88590 - Disclosed: 2003-05-09

Description:

WinRAR contains a flaw that allows a remote attacker to potentially overwrite files and execute arbitrary programs on a target system. The issue is due to the module not properly filtering encoded path names when extracting files. This allows an attacker to create a specially crafted .zip file that will extract files to arbitrary locations including the system root directory.

[CLOSE] OSVDB ID : 27379 - Disclosed: 2006-07-18

Description:

(Description Provided by CVE) : Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.

[CLOSE] OSVDB ID : 27031 - Disclosed: 2006-07-05

Description:

A local overflow exists in WinRAR. WinRAR fails to process archive comment when extracting files resulting in a stack overflow. With a specially crafted file, an attacker can cause an application overflow resulting in a loss of integrity.

[CLOSE] OSVDB ID : 19915 - Disclosed: 2005-10-11

Description:

A remote overflow exists in WinRAR. The 'UNACEV2.DLL' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ACE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11386 - Disclosed: 2004-11-02

Description:

WinRAR contains a flaw that may allow a remote denial of service due to a non-descript error in WinRAR's Repair command. The issue is triggered when repairing a corrupt ZIP archive, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 15983 - Disclosed: 2005-02-02

Description:

(Description Provided by CVE) : Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.

[CLOSE] OSVDB ID : 62610 - Disclosed: 2009-09-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 47057 - Disclosed: 2008-07-15

Description:

WinRemotePC 2008 contains a flaw that may allow a remote attacker to cause a denial of service. The issue is triggered when the attacker sends a flood of overly large or malformed packets, causing the program to exhaust available CPU and memory resources.

[CLOSE] OSVDB ID : 70285 - Disclosed: 2010-12-20

Description:

WinRoute Firewall contains a flaw related to an unspecified error when processing HTTP data sent to a 'non-HTTP' TCP connection. The issue is triggered when a context-dependent attacker stores arbitrary data in the HTTP cache, which will be served in place of legitimate content.

[CLOSE] OSVDB ID : 7688 - Disclosed: 2003-01-28

Description:

(Description Provided by CVE) : SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

[CLOSE] OSVDB ID : 5381 - Disclosed: 2004-04-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 40519 - Disclosed: 2007-09-13

Description:

(Description Provided by CVE) : Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.

[CLOSE] OSVDB ID : 26338 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

[CLOSE] OSVDB ID : 2614 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 58950 - Disclosed: 2003-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13206 - Disclosed: 2000-09-11

Description:

(Description Provided by CVE) : Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long (1) USER or (2) HELO command.

[CLOSE] OSVDB ID : 1665 - Disclosed: 2000-11-27

Description:

(Description Provided by CVE) : Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.