size software vulnerabilities

Searching size software vulnerabilities

Zyxel Prestige 681 and 1600 SDSL Routers allow

Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.

The Linux 2.0 kernel IP stack does not properly

The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.

The tvb_get_nstringz0 function in Ethereal 0.9.

tvb_get_nstringz0 | Ethereal | function |

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.

saned in sane-backends 1.0.7 and earlier calls

sane-backends | saned |

saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before

before | 244x | GDM |

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).

osTicket trusts a hidden form field in the subm

osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size.

Buffer overflow in the SDO_CODE_SIZE peocedure

Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

The Javascript engine in Opera 7.23 allows remo

Javascript | engine | Opera |

The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array.

Microsoft Internet Explorer 5.5 and 6.0 allocat

Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.

The coda_pioctl function in the coda functional

functionality | coda_pioctl | function | coda |

The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow.

PHP 4 (PHP4) allows attackers to cause a denial

PHP |

PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.

Scrapland 1.0 and earlier allows remote attacke

Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets.

The MIDL_user_allocate function in the Microsof

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

NetPanzer 0.8 and earlier allows remote attacke

NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size.

Mantis before 0.19.4 allows remote attackers to

before | Mantis |

Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.

Buffer overflow in swfformat.dll in multiple Re

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a a size value that is less than the actual size, or (2) other unspecified manipulations.

The do_gameinfo function in BomberClone 0.11.6

BomberClone | do_gameinfo | function |

The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.

Buffer overflow in WFTPD Server 3.23 allows rem

overflow | Server | Buffer | WFTPD |

Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.

The (1) hugetlb_vmtruncate_list and (2) hugetlb

The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.

Heap-based buffer overflow in the flac_buffer_c

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

Software vulnerabilities results 1 to 20 of 182

Page: 12 3 4 5...10 ►

size software vulnerabilities

vulnerabilities.aspcode.net

Searching size software vulnerabilities