[CLOSE] OSVDB ID : 57961 - Disclosed: 2009-09-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 56687 - Disclosed: 2009-07-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 56688 - Disclosed: 2009-07-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 56689 - Disclosed: 2009-07-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 56140 - Disclosed: 2009-07-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48290 - Disclosed: 2008-09-12

Description:

(Description Provided by CVE) : Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.

[CLOSE] OSVDB ID : 47124 - Disclosed: 2008-07-21

Description:

ZDaemon contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL pointer dereference error occurs, and will result in loss of availability for the ZDaemon server via a type 6 command.

[CLOSE] OSVDB ID : 46626 - Disclosed: 2008-06-28

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.

[CLOSE] OSVDB ID : 46561 - Disclosed: 2008-06-23

Description:

(Description Provided by CVE) : Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960.

[CLOSE] OSVDB ID : 46562 - Disclosed: 2008-06-23

Description:

Vertex Ltd. SunAge contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted packet causes an infinite loop , and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 46260 - Disclosed: 2008-06-16

Description:

(Description Provided by CVE) : Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.

[CLOSE] OSVDB ID : 46259 - Disclosed: 2008-06-16

Description:

(Description Provided by CVE) : Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times."

[CLOSE] OSVDB ID : 53344 - Disclosed: 2008-05-03

Description:

WebMod contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to the WebMod not properly sanitizing user input, specifically directory traversal style attacks (..\..\) supplied via the GET requests.

[CLOSE] OSVDB ID : 53345 - Disclosed: 2008-05-03

Description:

A remote overflow exists in WebMod. WebMod fails to properly handle cookie parameters greater than 8192 bytes resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 53346 - Disclosed: 2008-05-03

Description:

WebMod contains a flaw that may allow a malicious user to overwrite arbitrary memory. The issue is triggered when a malicious user sends 16,384 bytes to auth.w in parser.cpp. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 53347 - Disclosed: 2008-05-03

Description:

WebMod contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when appending a dot (.) to a URI occurs, which will disclose script source information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 44359 - Disclosed: 2008-04-11

Description:

(Description Provided by CVE) : Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.

[CLOSE] OSVDB ID : 44361 - Disclosed: 2008-04-11

Description:

HP OpenView Network Node Manager contains a flaw that may allow a remote denial of service. The issue is triggered when the ovtopmd service receives a 0x36 packet, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 43982 - Disclosed: 2008-03-31

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.

[CLOSE] OSVDB ID : 43927 - Disclosed: 2008-03-29

Description:

(Description Provided by CVE) : WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 43925 - Disclosed: 2008-03-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename.

[CLOSE] OSVDB ID : 43778 - Disclosed: 2008-03-26

Description:

(Description Provided by CVE) : Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.

[CLOSE] OSVDB ID : 43638 - Disclosed: 2008-03-21

Description:

A remote overflow exists in Asus Remote Console. The product fails to use bounds checking resulting in a stack overflow. With a specially crafted request, an attacker can cause remote code execution resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 43527 - Disclosed: 2008-03-20

Description:

(Description Provided by CVE) : Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

[CLOSE] OSVDB ID : 43528 - Disclosed: 2008-03-20

Description:

(Description Provided by CVE) : Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

[CLOSE] OSVDB ID : 43529 - Disclosed: 2008-03-20

Description:

(Description Provided by CVE) : Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

[CLOSE] OSVDB ID : 43530 - Disclosed: 2008-03-20

Description:

(Description Provided by CVE) : Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

[CLOSE] OSVDB ID : 43531 - Disclosed: 2008-03-20

Description:

(Description Provided by CVE) : Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

[CLOSE] OSVDB ID : 43532 - Disclosed: 2008-03-20

Description:

(Description Provided by CVE) : Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

[CLOSE] OSVDB ID : 43238 - Disclosed: 2008-03-17

Description:

(Description Provided by CVE) : Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file.

[CLOSE] OSVDB ID : 43239 - Disclosed: 2008-03-17

Description:

MG-SOFT Net Inspector contains a flaw that allows a remote attacker to retrieve files outside of the web path. The issue is due to the mghttpd server not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the HTTP request.

[CLOSE] OSVDB ID : 43240 - Disclosed: 2008-03-17

Description:

MG-SOFT Net Inspector contains a flaw that may allow a remote denial of service. The issue is triggered when an special packet is sent to the UDP port used by the service SNMP MgWTrap3.exe (different from UDP port 162), and will result in loss of availability for the SNMP service. The issue affects to every MG-Soft software, since this service is the core of almost all their products.

[CLOSE] OSVDB ID : 43241 - Disclosed: 2008-03-17

Description:

Net Inspector contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious attacker sends specially crafted request occurs, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 43243 - Disclosed: 2008-03-16

Description:

A remote overflow exists in BootManage TFTP Server. The TFTP Server fails to handle lonf file name requests resulting in a stack-based overflow. With a specially crafted request, an attacker can excute arbitary commands resulting in a loss of integrity or availability.

[CLOSE] OSVDB ID : 43086 - Disclosed: 2008-03-10

Description:

(Description Provided by CVE) : The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability.

[CLOSE] OSVDB ID : 43075 - Disclosed: 2008-03-10

Description:

(Description Provided by CVE) : Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.

[CLOSE] OSVDB ID : 43076 - Disclosed: 2008-03-10

Description:

(Description Provided by CVE) : Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.

[CLOSE] OSVDB ID : 43544 - Disclosed: 2008-03-10

Description:

Timbuktu contains a flaw that allows a remote attacker to upload files to arbitrary locations outside of the web path. The issue is due to the Flash Notes component not properly sanitizing user input, specifically failing to properly escape the '/' and '\' characters.

[CLOSE] OSVDB ID : 43065 - Disclosed: 2008-03-06

Description:

(Description Provided by CVE) : Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

[CLOSE] OSVDB ID : 43066 - Disclosed: 2008-03-05

Description:

(Description Provided by CVE) : The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.