overwritten software vulnerabilities
vulnerabilities.aspcode.net
Searching overwritten software vulnerabilities
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument.
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code.
index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID.
** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten.
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
Software vulnerabilities results 1 to 12 of 12