gzip integer overflow
| Published: | 21.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10544 |
| Type: | library |
| Level: | 7/10 |
| Description: | Integer overflow on LZW decompression. |
| Affected: | gzip : gzip 1.3 |
| CVE: | CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.) |

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 21.01.2010 |
| Source: | |
| SecurityVulns ID: | 10545 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

Cisco CiscoWorks Internetwork Performance Monitor buffer overflow
| Published: | 21.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10547 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Buffer overflow on CORBA GIOP request processing. |
| Affected: | CISCO : CiscoWorks IPM 2.6 |
| CVE: | CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.) |

Adobe Shockwave Player integer overflows, updated since 20.01.2010
| Published: | 21.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10535 |
| Type: | client |
| Level: | 7/10 |
| Description: | Integer overflows and buffer overflow on Shockwave processing. |
| Affected: | ADOBE : Shockwave Player 11.5 |
| CVE: | CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.) |
| | CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.) |

HP Power Manager code execution, updated since 05.11.2009
| Published: | 21.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10370 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Buffer overflow during authentication via web form. Buffer overflow in /goform/formExportDataLogs, directory traversal. |
| Affected: | HP : HP Power Manager 4.2 |
| CVE: | CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.) |
| | CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.) |
| | CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.) |

RealNetworks RealPlayer multiple security vulnerabilities, updated since 21.01.2010
| Published: | 02.02.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10548 |
| Type: | client |
| Level: | 6/10 |
| Description: | Memory corruptions, buffer overflows on different codecs and media formats. |
| Affected: | REAL : RealPlayer 10.0 |
| | REAL : RealPlayer 11.0 |
| CVE: | CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.) |
| | CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.) |
| | CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.) |
| | CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.) |
| | CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.) |
| | CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow.") |
| | CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.) |
| | CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.) |

SAP Web AS multiple security vulnerabilities, updated since 21.01.2010
| Published: | 22.02.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10546 |
| Type: | local |
| Level: | 5/10 |
| Description: | Code execution with Internet Communication Framework, information leak, cross-site scripting, directory traversal. |