The SAP DB suffers from a web server stack overflow.
The SAP Internet Communication Manager suffers from a denial of service vulnerability.
The SAP Message Server suffers from a heap overflow vulnerability.
The SAP Internet Graphics Server suffers from a cross site scripting vulnerability and a heap overflow vulnerability.
EnjoySAP, the SAP GUI for Windows, suffers from a stack overflow vulnerability.
EnjoySAP, the SAP GUI for Windows, suffers from a heap overflow vulnerability.
Symantec Security Advisory SYM07-002 - Vulnerabilities were identified in third-party trouble-shooting ActiveX controls, developed by SupportSoft, www.supportsoft.com. Two of these controls were signed, shipped and installed with the identified versions of Symantec's consumer products and as part of the Symantec Automated Support Assistant support tool. The vulnerability identified in the Symantec shipped controls could potentially result in a stack overflow requiring user interaction to exploit. If successfully exploited this vulnerability could potentially compromise a user's system possibly allowing execution of arbitrary code or unauthorized access to system assets with the permissions of the user's browser.
Oracle 10g R2 Enterprise Manager suffers from a classic directory traversal flaw. Details provided.
BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote resource exhaustion vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause LGSERVER.EXE to write very large files to the system disk. In addition, the LGSERVER.EXE process becomes unresponsive until the file has been written.
BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote denial of service vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause the process to terminate.
BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote code execution vulnerability. By sending a specially crafted packet to the LGSERVER.EXE process that listens on TCP port 1900, it is possible to cause a stack overflow that allows arbitrary code execution as Local System.
BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote code execution vulnerability. By sending a specially crafted packet to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to execute arbitrary code as SYSTEM on a Windows Platform.
NGSSoftware Insight Security Research Advisory - Sybase ASE versions prior to 12.5.3 ESD#1 suffer from multiple buffer overflows and denial of service vulnerabilities.
Various versions of RealPlayer are susceptible to a heap overflow vulnerability in the .WAV file format when being opened. Under Windows, the following versions are affected: RealPlayer 10.5 (6.0.12.1056 and below), RealPlayer 10, RealOne Player V2, RealOne Player V1, RealPlayer 8, RealPlayer Enterprise. Under Linux, the following versions are affected: RealPlayer 10 (10.0.0.2 and below), Helix Player.
NGSSoftware Insight Security Research Advisory - Multiple vulnerabilities have been discovered in the AtHoc toolbar which can allow remote code execution through Internet Explorer when browsing to a specially crafted webpage.
NGSSoftware Insight Security Research Advisory #NISR2122004J - IBM's DB2 database server contains a function, rec2xml, used to format a string in XML. This function suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.
NGSSoftware Insight Security Research Advisory #NISR17042004 - By crafting a malformed .R3T file it is possible to cause stack based overruns in RealPlayer / RealOne Player. By forcing a browser to a website containing such a file, code could be executed on the target machine running in the context of the logged on user; alternatively, the end user would be required to open the .R3T file as a mail attachment. Systems Affected: RealPlayer 8, RealOne Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10 Beta (English only) and RealPlayer Enterprise (all versions, stand-alone and as configured by the RealPlayer Enterprise Manager).
NGSSoftware Insight Security Research Advisory #NISR19042004b - Symantec's Norton Internet Security 2004 Professional makes use of an ActiveX component that is marked safe for scripting, particularly WrapUM.dll. Using the LaunchURL method an attacker has the ability to force the browser to run arbitrary executables on the target.
NGSSoftware Insight Security Research Advisory #NISR19042004a - Installed with Symantec's Norton AntiSpam 2004 product is an ActiveX component that is marked safe for scripting, particularly symspam.dll. However, when the method LaunchCustomRuleWizard is called with an overly long parameter, an attacker can cause a stack based overflow allowing for arbitrary code execution.
NGSSoftware Insight Security Research Advisory #NISR04022004a - By crafting a malformed .RP, .RT, .RAM, .RPM or .SMIL file, it is possible to cause heap and stack based overruns in RealPlayer / RealOne Player.
Sybase Adaptive Server Anywhere v9.0.0, the relational database at the core of SQL Anywhere Studio 8, contains over 50 vulnerabilities including format string overflows, buffer overflows, and denial of service conditions. Fix available here.
NGSSoftware Insight Security Research Advisory #NISR18072003 - The WiTango application server is vulnerable to a remote system buffer overrun. By passing a long cookie to Witango_UserReference, a remote attacker can overwrite the saved return address on the stack. As Witango is installed as LocalSystem, any arbitrary code execution will run as SYSTEM.
NGSSoftware Insight Security Research Advisory #NISR2406-03 - WebAdmin.exe, a utility that allows remote administrators to control MDaemon, RelayFax, and WorldClient, has a remotely exploitable buffer overrun in the USER parameter that would allow a remote attacker to execute arbitrary code on the server.
Mailmax Version 5 has a buffer overflow condition in its IMAP4 server that can cause the service to stop responding and allows a remote attacker to overwrite the exception handler on the stack. Doing this could allow arbitrary code execution as the SYSTEM user.
NGSSoftware Insight Security Research Advisory #NISR07052003B - SLWebMail 3 is vulnerable to various buffer overflows in many of its ISAPI DLL applications including showlogin.dll, recman.dll, admin.dll, and globallogin.dll. It is also vulnerable to arbitrary file access via ShowGodLog.dll which does not even force authentication prior to use. Physical paths can also be determined by making invalid requests to certain DLLs.