[CLOSE] OSVDB ID : 46827 - Disclosed: 2008-06-18

Description:

(Description Provided by CVE) : Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.

[CLOSE] OSVDB ID : 46194 - Disclosed: 2008-06-12

Description:

A buffer overflow exists in iPrint Client for Windows. The ienipp.ocx ActiveX control fails to validate data passed to the 'operation,' 'printer-url' and 'target-frame' parameters resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 46105 - Disclosed: 2008-06-11

Description:

CitectSCADA contains an overflow condition in the ODBC Service. The issue is triggered as the size of the second packet received by the service after an initial 4-byte packet is not verified before copying it into a stack buffer. With a specially crafted request, a remote attacker can cause a stack-based buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

[CLOSE] OSVDB ID : 46073 - Disclosed: 2008-06-10

Description:

(Description Provided by CVE) : Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.

[CLOSE] OSVDB ID : 46083 - Disclosed: 2008-06-10

Description:

A memory corruption flaw exists in Internet Explorer. IE fails to validate HTML objects resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 46263 - Disclosed: 2008-06-09

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

[CLOSE] OSVDB ID : 46267 - Disclosed: 2008-06-09

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

[CLOSE] OSVDB ID : 46264 - Disclosed: 2008-06-09

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

[CLOSE] OSVDB ID : 46265 - Disclosed: 2008-06-09

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

[CLOSE] OSVDB ID : 46266 - Disclosed: 2008-06-09

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

[CLOSE] OSVDB ID : 46041 - Disclosed: 2008-06-05

Description:

A buffer overflow exists in GroupWise Messenger. The client fails to validate HTTP responses resulting in a stack overflow. With a specially crafted response, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 46239 - Disclosed: 2008-06-04

Description:

(Description Provided by CVE) : The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.

[CLOSE] OSVDB ID : 46012 - Disclosed: 2008-06-04

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

[CLOSE] OSVDB ID : 46013 - Disclosed: 2008-06-04

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

[CLOSE] OSVDB ID : 45924 - Disclosed: 2008-06-04

Description:

A buffer overflow exists in HP StorageWorks Storage Mirroring. HP StorageWorks Storage Mirroring fails to verify the length of user-supplied login information resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 45854 - Disclosed: 2008-06-01

Description:

(Description Provided by CVE) : Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.

[CLOSE] OSVDB ID : 45657 - Disclosed: 2008-05-28

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

[CLOSE] OSVDB ID : 45724 - Disclosed: 2008-05-27

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 45658 - Disclosed: 2008-05-27

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control in NCTAudioGrabber2.dll allow remote attackers to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 45610 - Disclosed: 2008-05-21

Description:

A remote overflow exists in Lotus Domino Sametime Server. The Multiplexer StMux.exe in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, fails to restrict string lengths in a POST request resulting in a stack based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 45422 - Disclosed: 2008-05-20

Description:

(Description Provided by CVE) : Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467.

[CLOSE] OSVDB ID : 45415 - Disclosed: 2008-05-20

Description:

A remote overflow exists in IBM Lotus Domino server. The Web Server component fails to check string lengths in the Accept-Language header resulting in a stack overflow. With a specially crafted request, an attacker can execute code remotely resulting in a loss of integrity.

[CLOSE] OSVDB ID : 45374 - Disclosed: 2008-05-19

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters.

[CLOSE] OSVDB ID : 45368 - Disclosed: 2008-05-19

Description:

(Description Provided by CVE) : Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.

[CLOSE] OSVDB ID : 44904 - Disclosed: 2008-05-07

Description:

(Description Provided by CVE) : Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 44852 - Disclosed: 2008-05-06

Description:

(Description Provided by CVE) : The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.

[CLOSE] OSVDB ID : 44662 - Disclosed: 2008-04-24

Description:

(Description Provided by CVE) : Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.

[CLOSE] OSVDB ID : 44663 - Disclosed: 2008-04-24

Description:

(Description Provided by CVE) : Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.

[CLOSE] OSVDB ID : 44664 - Disclosed: 2008-04-24

Description:

(Description Provided by CVE) : Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.

[CLOSE] OSVDB ID : 44665 - Disclosed: 2008-04-24

Description:

(Description Provided by CVE) : Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.

[CLOSE] OSVDB ID : 44666 - Disclosed: 2008-04-24

Description:

(Description Provided by CVE) : Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.

[CLOSE] OSVDB ID : 44767 - Disclosed: 2008-04-24

Description:

(Description Provided by CVE) : Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.

[CLOSE] OSVDB ID : 44868 - Disclosed: 2008-04-24

Description:

(Description Provided by CVE) : Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

[CLOSE] OSVDB ID : 44579 - Disclosed: 2008-04-21

Description:

(Description Provided by CVE) : Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244.

[CLOSE] OSVDB ID : 44649 - Disclosed: 2008-04-18

Description:

(Description Provided by CVE) : The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.

[CLOSE] OSVDB ID : 44562 - Disclosed: 2008-04-17

Description:

(Description Provided by CVE) : The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.

[CLOSE] OSVDB ID : 44423 - Disclosed: 2008-04-16

Description:

(Description Provided by CVE) : The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.

[CLOSE] OSVDB ID : 44455 - Disclosed: 2008-04-11

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244.

[CLOSE] OSVDB ID : 44654 - Disclosed: 2008-04-11

Description:

(Description Provided by CVE) : ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure.

[CLOSE] OSVDB ID : 44282 - Disclosed: 2008-04-09

Description:

(Description Provided by CVE) : Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.