[CLOSE] OSVDB ID : 52356 - Disclosed: 2009-02-25

Description:

(Description Provided by CVE) : Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method.

[CLOSE] OSVDB ID : 52747 - Disclosed: 2009-02-24

Description:

(Description Provided by CVE) : Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

[CLOSE] OSVDB ID : 52830 - Disclosed: 2009-02-24

Description:

(Description Provided by CVE) : Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.

[CLOSE] OSVDB ID : 52073 - Disclosed: 2009-02-20

Description:

A buffer overflow exists in Acrobat and Acrobat Reader. They fail to validate PDF files which use JBIG2 compression routines resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 52354 - Disclosed: 2009-02-16

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.

[CLOSE] OSVDB ID : 55735 - Disclosed: 2009-02-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 55736 - Disclosed: 2009-02-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 53240 - Disclosed: 2009-02-06

Description:

(Description Provided by CVE) : Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205.

[CLOSE] OSVDB ID : 53980 - Disclosed: 2009-02-02

Description:

(Description Provided by CVE) : Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.

[CLOSE] OSVDB ID : 52453 - Disclosed: 2009-01-31

Description:

MySQL contains a flaw that may allow a remote denial of service. The issue is caused by an error when processing an XPath expression as a FilterExpr with ExtractValue() or UpdateXML, which will trigger an assertion failure and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 51693 - Disclosed: 2009-01-30

Description:

(Description Provided by CVE) : The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.

[CLOSE] OSVDB ID : 56434 - Disclosed: 2009-01-29

Description:

(Description Provided by CVE) : Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.

[CLOSE] OSVDB ID : 51643 - Disclosed: 2009-01-28

Description:

(Description Provided by CVE) : Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

[CLOSE] OSVDB ID : 51590 - Disclosed: 2009-01-26

Description:

(Description Provided by CVE) : Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods.

[CLOSE] OSVDB ID : 51592 - Disclosed: 2009-01-26

Description:

(Description Provided by CVE) : Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.

[CLOSE] OSVDB ID : 51532 - Disclosed: 2009-01-23

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.

[CLOSE] OSVDB ID : 53242 - Disclosed: 2009-01-22

Description:

(Description Provided by CVE) : Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.

[CLOSE] OSVDB ID : 51525 - Disclosed: 2009-01-21

Description:

(Description Provided by CVE) : Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.

[CLOSE] OSVDB ID : 51682 - Disclosed: 2009-01-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 51454 - Disclosed: 2009-01-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 51343 - Disclosed: 2009-01-14

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

[CLOSE] OSVDB ID : 51344 - Disclosed: 2009-01-14

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

[CLOSE] OSVDB ID : 51317 - Disclosed: 2009-01-14

Description:

(Description Provided by CVE) : Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.

[CLOSE] OSVDB ID : 51340 - Disclosed: 2009-01-14

Description:

A buffer overflow exists in Oracle Secure Backup. The application fails to validate data passed to the NDMP_CONECT_CLIENT_AUTH command resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 51342 - Disclosed: 2009-01-14

Description:

Oracle Secure Backup contains a flaw that may allow an attacker to execute arbitrary commands. The issue is triggered when the exec_qr() function in the login.php script receives malformed data in the '$rbtool' parameter, which is later passed to the popen() function, resulting in arbitrary command execution.

[CLOSE] OSVDB ID : 51354 - Disclosed: 2009-01-14

Description:

Oracle Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the MDSYS.SDO_TOPO_DROP_FTBL trigger script not properly sanitizing user-supplied input. This may allow an attacker to escalate privilege to MDSYS.

[CLOSE] OSVDB ID : 52619 - Disclosed: 2009-01-14

Description:

(Description Provided by CVE) : Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.

[CLOSE] OSVDB ID : 52618 - Disclosed: 2009-01-14

Description:

(Description Provided by CVE) : Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream.

[CLOSE] OSVDB ID : 51357 - Disclosed: 2009-01-14

Description:

(Description Provided by CVE) : Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors.

[CLOSE] OSVDB ID : 51370 - Disclosed: 2009-01-14

Description:

(Description Provided by CVE) : Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 51311 - Disclosed: 2009-01-13

Description:

A buffer overflow exists in WebLogic Server. The connector plugin for multiple web servers fails to validate the JSESSIONID cookies resulting in a buffer overflow. With a specially crafted HTTP packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 52692 - Disclosed: 2009-01-13

Description:

Microsoft Windows contains a flaw related to SMB protocol in Server service. The issue is triggered when a remote attacker sends an NTTrans2 request with malformed values of unspecified fields in the SMB packet. This may allow an attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 51384 - Disclosed: 2009-01-13

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

[CLOSE] OSVDB ID : 51273 - Disclosed: 2009-01-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 51333 - Disclosed: 2009-01-13

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

[CLOSE] OSVDB ID : 64539 - Disclosed: 2009-01-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 51276 - Disclosed: 2009-01-12

Description:

(Description Provided by CVE) : Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.

[CLOSE] OSVDB ID : 53218 - Disclosed: 2009-01-07

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.

[CLOSE] OSVDB ID : 53219 - Disclosed: 2009-01-07

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.

[CLOSE] OSVDB ID : 53220 - Disclosed: 2009-01-07

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.