| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 76843<br>Description: Microsoft Windows contains a flaw related to the Win32k TrueType font parsing engine that may allow a context-dependent attacker to execute arbitrary code via malicious font data contained in a Word document. | 2011-10-19 | Microsoft Windows Win32k TrueType Font Handling Privilege Escalation |
| 74483<br>Description: Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when Tcpip.sys fails to properly parse URL requests when URL-based Quality of Service (QoS) is enabled, and will result in loss of availability for the platform. | 2011-08-09 | Microsoft Windows TCP/IP Stack (Tcpip.sys) QoS URL Request Parsing Remote DoS |
| 72933<br>Description: A memory corruption flaw exists in the Threat Management Gateway (TMG) client. The function NSPLookupServiceNext fails to sanitize user-supplied input for specific requests made through the TMG Firewall Client, resulting in memory corruption. With a specially crafted request, a remote attacker can execute arbitrary code. | 2011-06-15 | Microsoft Forefront Threat Management Gateway (TMG) Firewall Client Winsock Provider Remote Code Execution |
| 64070<br>Description: (Description Provided by CVE) : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | 2010-04-13 | Oracle Sun Products Suite Sun Java System Directory Server Component X.509 Certificate Common Name (CN) Field Handling Overflow |
| 63331<br>Description: A memory corruption flaw exists in Microsoft Internet Explorer versions 5.01, 6, 6 SP1, 8. The service fails to sanitize user-supplied input when handling certain HTML objects, resulting in memory corruption. With a specially crafted web page, a remote attacker can execute arbitrary code. | 2010-03-30 | Microsoft IE HTML Object onreadystatechange Event Handler Memory Corruption |
| 62810<br>Description: Microsoft Windows Internet Explorer contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an attacker utilizes a remote memory-corruption vulnerability in Internet Explorer by inserting malicious code into a site; when Internet Explorer attempts to parse the attack page, the remote attacker gains the privileges of the currently logged-in user viewing the malicious site. | 2010-03-09 | Microsoft IE iepeers.dll Use-After-Free Arbitrary Code Execution |
| 62782<br>Description: (Description Provided by CVE) : UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. | 2010-03-05 | Energizer DUO USB Battery Charger Software Arucer.dll Trojaned Distribution |
| 62714<br>Description: (Description Provided by CVE) : Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow. | 2010-03-04 | Opera HTTP Content-Length Header Handling Remote Overflow |
| 62674<br>Description: (Description Provided by CVE) : modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | 2010-03-03 | Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS |
| 62632<br>Description: Windows contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered when a user is convinced to press F1 in response to a MessageBox originating from VBScript within a web page. | 2010-02-26 | Microsoft Windows VBScript MsgBox() Function HLP File Arbitrary Command Execution |
| 62129<br>Description: (Description Provided by CVE) : The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." | 2010-01-27 | PostgreSQL backend/utils/adt/varbit.c bitsubstr Function Remote DoS |
| 61956<br>Description: (Description Provided by CVE) : Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. | 2010-01-26 | yaSSL Certificate Name Handling Overflow |
| 62033<br>Description: (Description Provided by CVE) : Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-01-23 | Oracle WebLogic Server Node Manager (beasvc.exe) Access Restriction Bypass |
| 61979<br>Description: (Description Provided by CVE) : Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. | 2010-01-22 | Sun Java System Web Server WebDAV Implementation PROPFIND Request Remote Format String |
| 61980<br>Description: (Description Provided by CVE) : Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. | 2010-01-21 | Sun Java System Web Server Authorization: Digest HTTP Header Remote Overflow |
| 61852<br>Description: (Description Provided by CVE) : Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. | 2010-01-19 | Sun Java System Web Server TRACE Request Handling Overflow |
| 61294<br>Description: (Description Provided by CVE) : Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file. | 2009-12-24 | Microsoft IIS ASP Crafted semicolon Extension Security Bypass |
| 62942<br>Description: WebKit contains a use-after-free error in the 'RenderText::positionLineBox' function in WebCore/rendering/RenderText.cpp when removing text boxes. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. | 2009-12-23 | WebKit RenderText::positionLineBox Text Box Removal Use-after-free Arbitrary Code Execution |
| 60980<br>Description: Acrobat and Reader contain a flaw that may allow an attacker to execute arbitrary code. The issue is triggered by a use-after-free condition in Doc.media.newPlayer when parsing a specially crafted PDF file. | 2009-12-15 | Adobe Reader / Acrobat Doc.media.newPlayer Use-After-Free Arbitrary Code Execution |
| 60847<br>Description: NTP contains a flaw that may allow a remote denial of service. The issue is triggered when ntpd processes specially crafted MODE_PRIVATE packets, and will result in loss of availability for the service. | 2009-12-08 | NTP ntpd Mode 7 Request Crafted Packet Reply Loop Remote DoS |
| 61584<br>Description: (Description Provided by CVE) : Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema. | 2009-12-07 | Novell iManager eDirectory Plugin Schema Information Handling Overflow |
| 60632<br>Description: (Description Provided by CVE) : Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information. | 2009-12-02 | Adobe Illustrator EPS File DSC Comment Handling Overflow |
| 60488<br>Description: (Description Provided by CVE) : mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | 2009-11-23 | MySQL SELECT Statement WHERE Clause Sub-query DoS |
| 60489<br>Description: (Description Provided by CVE) : mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | 2009-11-23 | MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS |
| 59957<br>Description: (Description Provided by CVE) : The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability." | 2009-11-11 | Microsoft Windows SMB Response Handling Remote DoS |
| 59699<br>Description: Shockwave Player contains a flaw related to the index handling that may allow an attacker to execute arbitrary code. No further details have been provided. | 2009-11-04 | Adobe Shockwave Player Index Handling Unspecified Arbitrary Code Execution |
| 59710<br>Description: (Description Provided by CVE) : Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. | 2009-11-03 | Sun Java JDK / JRE AWT setDiffICM Library Function Overflow |
| 59597<br>Description: Altiris and Management Platform are prone to an overflow condition. The ConsoleUtilities ActiveX control fails to properly sanitize user-supplied input to the BrowseAndSaveFile function, resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution. | 2009-11-02 | Symantec Altiris and Management Platform ConsoleUtilities ActiveX (AeXNSConsoleUtilities.dll) BrowseAndSaveFile Method Overflow |
| 59384<br>Description: (Description Provided by CVE) : layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | 2009-10-27 | Mozilla Firefox Browser Engine nsCachedStyleData::GetStyleDisplay Function Memory Corruption |
| 59184<br>Description: (Description Provided by CVE) : Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | 2009-10-21 | Poppler XRef.cc ObjectStream::ObjectStream Function PDF Handling Overflow |
| 59183<br>Description: (Description Provided by CVE) : Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | 2009-10-21 | Xpdf XRef.cc ObjectStream::ObjectStream Function PDF Handling Overflow |
| 59110<br>Description: (Description Provided by CVE) : Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution. | 2009-10-21 | Oracle Database Network Authentication AUTH_SESSKEY Parameter Remote Overflow |
| 59113<br>Description: Oracle Database Text contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ctxsys.drvxtabc.create_tables script not properly sanitizing user-supplied input to the 'idx_owner' and 'idx_name' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2009-10-21 | Oracle Database Text ctxsys.drvxtabc.create_tables Multiple Parameter SQL Injection |
| 58870<br>Description: Microsoft Office is prone to an integer overflow condition. The MSO.DLL library fails to properly sanitize user-supplied input when parsing the number of colours in bitmap images, resulting in a heap-based buffer overflow. With a specially crafted bitmap image embedded in an Office file, a context-dependent attacker can potentially execute arbitrary code on a user's system. | 2009-10-14 | Microsoft Office BMP Image Color Processing Overflow |
| 58864<br>Description: (Description Provided by CVE) : Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability." | 2009-10-13 | Microsoft Multiple Products GDI+ PNG Image Handling Heap Overflow |
| 58876<br>Description: Windows contains a flaw that may allow a malicious user to execute remote code. The issue is triggered when a malicious user sends a specially crafted SMB Multi-Protocol Negotiate Request packet with a command value which Windows cannot process. It is possible that the flaw may allow remote code execution, resulting in a loss of integrity. | 2009-10-13 | Microsoft Windows SMB Packet Command Value Handling Remote Code Execution |
| 58729<br>Description: A buffer overflow exists in Acrobat & Reader. The applications fail to validate PDF files, resulting in an unspecified heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. | 2009-10-08 | Adobe Reader / Acrobat ParamX Parameter PDF File Handling Overflow |
| 58530<br>Description: (Description Provided by CVE) : Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information. | 2009-10-05 | IBM Informix Multiple Products setnet32.exe NFX File Handling Overflow |
| 58504<br>Description: (Description Provided by CVE) : oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. | 2009-09-21 | FFmpeg oggparsevorbis.c Out-of-bounds Read Remote DoS |
| 58505<br>Description: FFmpeg contains a flaw that may allow a remote denial of service. The issue is triggered when processing a specially crafted MJPG encoded AVI file which causes a dereference of invalid memory, and will result in loss of availability for the service. | 2009-09-21 | FFmpeg vorbis_dec.c Assignment Operator Remote Overflow DoS |