integer

170 items tagged "integer"

Related tags: idefense security advisory [+], heap [+], array [+], arbitrary code [+], heap corruption [+], winamp [+], safer use [+], oracle java [+], idefense [+], gentoo linux security [+], integer overflow vulnerability [+], integer overflow [+], zero [+], teechart [+], memory corruption [+], martin barbella [+], linux kernel [+], linux [+], kernel [+], http header [+], heap allocation [+], denial of service [+], day [+], barbella [+], arbitrary code execution [+], overflow [+], sterling trader [+], sterling [+], mozilla [+], microsoft [+], apple mac os x [+], ziproxy [+], reader [+], oracle [+], opera [+], nargs [+], microsoft reader [+], java [+], iconics [+], gnu [+], glibc [+], xnview [+], x server [+], x quicktime [+], x imageio [+], winamp versions [+], webkit [+], tiff [+], target machine [+], shell session [+], ruby [+], realnetworks inc [+], professional [+], png images [+], plotlinecentral [+], overflow code [+], ngs [+], net [+], mozilla firefox [+], memory allocations [+], mac os x server [+], mac os [+], linux version [+], library [+], lib [+], htaccess file [+], ghostscript [+], gdi [+], framework [+], dominic chell [+], dll [+], createdashedpath [+], corruption [+], color profiles [+], avi processing [+], avi [+], array functions [+], arithmetic operation [+], apple safari [+], apache [+], activex control [+], activex [+], wxgtk [+], ubuntu [+], truncation [+], problem [+], png file [+], png [+], penetration [+], overflow errors [+], null pointer dereference [+], microsoft corp [+], mandriva linux [+], kpdf [+], keyview [+], jpeg [+], instantiate [+], information disclosure vulnerability [+], foobar [+], file [+], datahub [+], colorsync profile [+], cogent [+], code execution [+], code [+], class integer [+], class [+], bugtraq [+], buffer overflows [+], buffer overflow condition [+], buffer [+], bigdecimal [+], autonomy [+], agentx [+], xmms skins [+], xmms [+], x jpeg encoded [+], x cve [+], x coregraphics [+], x colorsync [+], winamp player [+], underflow [+], tiff images [+], thunderbird [+], text [+], swftools [+], skins [+], sid [+], s system [+], remote [+], realnetworks [+], player [+], php version [+], php [+], paint [+], org [+], openoffice [+], numberformatter [+], nmap [+], ms10 [+], microsoft paint [+], metasploit [+], mac text [+], jpeg encoded [+], glsa [+], genesis [+], freetype [+], ffmpeg [+], exploits [+], dll module [+], dalili [+], cupsimagereadtiff [+], cups [+], css selectors [+], codec [+], chris evans [+], buffer overflow [+], block [+], audio [+], apple lossless [+], apple itunes [+], function [+], bzip2 [+], bzip [+], vulnerability [+], based buffer overflow [+], xpdf [+], proof of concept [+], multiple [+], overflow error [+], firefox [+], apple mac os [+]

May 16, 2012
14:08
Bugtraq: CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
» ‎ SecurityFocus Vulnerabilities

CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
Tags: org integer openoffice overflow-error integer-overflow dll-module
April 30, 2012
0:00
Vuln: GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
Tags: integer glibc gnu integer-overflow nargs

April 23, 2012
13:42
.NET Framework EncoderParameter Integer Overflow
» ‎ Packet Storm Security Exploits

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.
Tags: integer framework net integer-overflow-vulnerability heap corruption

13:42
.NET Framework EncoderParameter Integer Overflow
» ‎ Packet Storm Security Recent Files

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.
Tags: integer framework net integer-overflow-vulnerability heap corruption

13:42
.NET Framework EncoderParameter Integer Overflow
» ‎ Packet Storm Security Misc. Files

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.
Tags: integer framework net integer-overflow-vulnerability heap corruption

March 29, 2012
0:00
Vuln: GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
Tags: integer glibc gnu integer-overflow nargs
March 20, 2012
0:00
Vuln: GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
Tags: integer glibc gnu integer-overflow nargs
March 15, 2012
0:00
Vuln: GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
Tags: integer glibc gnu integer-overflow nargs
March 08, 2012
0:00
Vuln: Apple Mac OS X CVE-2011-3453 Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Mac OS X CVE-2011-3453 Integer Overflow Vulnerability
Tags: integer vulnerability overflow x-cve- apple-mac-os integer-overflow-vulnerability apple-mac-os-x

February 27, 2012
7:55
Mozilla Firefox 4.0.1 Integer Overflow
» ‎ Packet Storm Security Exploits

Mozilla Firefox version 4.0.1 Array.reduceRight() integer overflow exploit.
Tags: integer mozilla firefox integer-overflow mozilla-firefox array

7:55
Mozilla Firefox 4.0.1 Integer Overflow
» ‎ Packet Storm Security Recent Files

Mozilla Firefox version 4.0.1 Array.reduceRight() integer overflow exploit.
Tags: integer mozilla firefox integer-overflow mozilla-firefox array

7:55
Mozilla Firefox 4.0.1 Integer Overflow
» ‎ Packet Storm Security Misc. Files

Mozilla Firefox version 4.0.1 Array.reduceRight() integer overflow exploit.
Tags: integer mozilla firefox integer-overflow mozilla-firefox array

February 16, 2012
19:34
XnView 1.98.5 Integer / Heap Overflows
» ‎ Packet Storm Security Exploits

XnView versions 1.98.5 and below suffer from an integer overflow and multiple heap overflows. Proof of concept code included.
Tags: integer xnview heap integer-overflow proof-of-concept

19:34
XnView 1.98.5 Integer / Heap Overflows
» ‎ Packet Storm Security Recent Files

XnView versions 1.98.5 and below suffer from an integer overflow and multiple heap overflows. Proof of concept code included.
Tags: integer xnview heap integer-overflow proof-of-concept

19:34
XnView 1.98.5 Integer / Heap Overflows
» ‎ Packet Storm Security Misc. Files

XnView versions 1.98.5 and below suffer from an integer overflow and multiple heap overflows. Proof of concept code included.
Tags: integer xnview heap integer-overflow proof-of-concept

February 02, 2012
16:32
Opera 11.60 Array Integer Overflow
» ‎ Packet Storm Security Exploits

Code Audit Labs has discovered an integer overflow vulnerability in array functions like Int32Array, Int16Array, etc in Opera versions 11.60 and below.
Tags: integer array opera integer-overflow-vulnerability overflow-code array-functions

16:32
Opera 11.60 Array Integer Overflow
» ‎ Packet Storm Security Recent Files

Code Audit Labs has discovered an integer overflow vulnerability in array functions like Int32Array, Int16Array, etc in Opera versions 11.60 and below.
Tags: integer array opera integer-overflow-vulnerability overflow-code array-functions

16:32
Opera 11.60 Array Integer Overflow
» ‎ Packet Storm Security Misc. Files

Code Audit Labs has discovered an integer overflow vulnerability in array functions like Int32Array, Int16Array, etc in Opera versions 11.60 and below.
Tags: integer array opera integer-overflow-vulnerability overflow-code array-functions

11:01
Bugtraq: [CAL-2012-0004] opera array integer overflow
» ‎ SecurityFocus Vulnerabilities

[CAL-2012-0004] opera array integer overflow
Tags: array opera integer integer-overflow bugtraq

December 12, 2011
5:11
Winamp AVI Processing Two Integer Overflows
» ‎ Packet Storm Security Advisories

Secunia Research has discovered two vulnerabilities in Winamp version 5.622, which can be exploited by malicious people to compromise a user's system. An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.
Tags: integer overflow winamp avi avi-processing based-buffer-overflow overflow-error integer-overflow

5:11
Winamp AVI Processing Two Integer Overflows
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered two vulnerabilities in Winamp version 5.622, which can be exploited by malicious people to compromise a user's system. An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.
Tags: integer overflow winamp avi avi-processing based-buffer-overflow overflow-error integer-overflow

5:11
Winamp AVI Processing Two Integer Overflows
» ‎ Packet Storm Security Misc. Files

Secunia Research has discovered two vulnerabilities in Winamp version 5.622, which can be exploited by malicious people to compromise a user's system. An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.
Tags: integer overflow winamp avi avi-processing based-buffer-overflow overflow-error integer-overflow

November 21, 2011
11:34
Oracle Java ICC Profile "scrn" Tag Integer Overflow and Code Execution Vulnerability
» ‎ SecuriTeam

Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM)
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: java integer oracle overflow-error integer-overflow oracle-java
November 16, 2011
21:14
Oracle Java ICC Profile "pseq" Tag Integer Overflow and Code Execution Vulnerability
» ‎ SecuriTeam

Oracle Java Contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: java integer oracle overflow-error integer-overflow oracle-java
November 14, 2011
10:34
Oracle Java ICC Profile "mluc" Tag Integer Overflow and Code Execution Vulnerability
» ‎ SecuriTeam

Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: java integer oracle overflow-error integer-overflow oracle-java
10:29
Oracle Java ICC Profile "clrt" Tag Integer Overflow and Code Execution Vulnerability
» ‎ SecuriTeam

Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: java integer oracle overflow-error integer-overflow oracle-java

November 02, 2011
7:54
Apache ap_pregsub Integer Overflow
» ‎ Packet Storm Security Advisories

An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
Tags: integer overflow apache integer-overflow htaccess-file arbitrary-code

7:54
Apache ap_pregsub Integer Overflow
» ‎ Packet Storm Security Recent Files

An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
Tags: integer overflow apache integer-overflow htaccess-file arbitrary-code

7:54
Apache ap_pregsub Integer Overflow
» ‎ Packet Storm Security Misc. Files

An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
Tags: integer overflow apache integer-overflow htaccess-file arbitrary-code

October 31, 2011
15:07
PlotLineCentral Integer Overflow
» ‎ Packet Storm Security Exploits

PlotLineCentral suffers from an integer overflow vulnerability.
Tags: integer plotlinecentral overflow integer-overflow-vulnerability

15:07
PlotLineCentral Integer Overflow
» ‎ Packet Storm Security Recent Files

PlotLineCentral suffers from an integer overflow vulnerability.
Tags: integer plotlinecentral overflow integer-overflow-vulnerability

15:07
PlotLineCentral Integer Overflow
» ‎ Packet Storm Security Misc. Files

PlotLineCentral suffers from an integer overflow vulnerability.
Tags: integer plotlinecentral overflow integer-overflow-vulnerability

October 24, 2011
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2

October 12, 2011
19:49
Mozilla Firefox Integer Overflow
» ‎ Packet Storm Security Exploits

Mozilla Firefox Array.reduceRight() integer overflow exploit.
Tags: integer mozilla firefox integer-overflow array

19:49
Mozilla Firefox Integer Overflow
» ‎ Packet Storm Security Misc. Files

Mozilla Firefox Array.reduceRight() integer overflow exploit.
Tags: integer mozilla firefox integer-overflow array

September 28, 2011
9:00
Bugtraq: Integer overflow in Sterling Trader 7.0.2
» ‎ SecurityFocus Vulnerabilities

Integer overflow in Sterling Trader 7.0.2
Tags: bugtraq integer overflow sterling-trader integer-overflow sterling

September 26, 2011
15:14
Sterling Trader 7.0.2 Integer Overflow
» ‎ Packet Storm Security Exploits

Sterling Trader versions 7.0.2 and below suffer from an integer overflow vulnerability.
Tags: integer vulnerability overflow sterling-trader integer-overflow-vulnerability sterling

15:14
Sterling Trader 7.0.2 Integer Overflow
» ‎ Packet Storm Security Recent Files

Sterling Trader versions 7.0.2 and below suffer from an integer overflow vulnerability.
Tags: integer vulnerability overflow sterling-trader integer-overflow-vulnerability sterling

15:14
Sterling Trader 7.0.2 Integer Overflow
» ‎ Packet Storm Security Misc. Files

Sterling Trader versions 7.0.2 and below suffer from an integer overflow vulnerability.
Tags: integer vulnerability overflow sterling-trader integer-overflow-vulnerability sterling

0:00
Vuln: Sterling Trader Remote Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Sterling Trader Remote Integer Overflow Vulnerability
Tags: integer remote overflow sterling-trader integer-overflow-vulnerability sterling

September 14, 2011
14:56
iDefense Security Advisory 09.13.11 - Excel Integer Signedness
» ‎ Packet Storm Security Advisories

iDefense Security Advisory 09.13.11 - Remote exploitation of an integer signedness vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability is an integer signedness issue that leads to an invalid array indexing vulnerability. It is triggered by a certain record with a negative 'iax' field.
Tags: integer idefense vulnerability idefense-security-advisory microsoft-corp arbitrary-code

14:56
iDefense Security Advisory 09.13.11 - Excel Integer Signedness
» ‎ Packet Storm Security Misc. Files

iDefense Security Advisory 09.13.11 - Remote exploitation of an integer signedness vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability is an integer signedness issue that leads to an invalid array indexing vulnerability. It is triggered by a certain record with a negative 'iax' field.
Tags: integer idefense vulnerability idefense-security-advisory microsoft-corp arbitrary-code

September 13, 2011
21:26
Cogent Datahub 7.1.1.63 Integer Overflow
» ‎ Packet Storm Security Recent Files

Cogent Datahub versions 7.1.1.63 and below suffer from an integer overflow vulnerability. Proof of concept code included.
Tags: integer cogent datahub integer-overflow-vulnerability proof-of-concept

21:26
Cogent Datahub 7.1.1.63 Integer Overflow
» ‎ Packet Storm Security Misc. Files

Cogent Datahub versions 7.1.1.63 and below suffer from an integer overflow vulnerability. Proof of concept code included.
Tags: integer cogent datahub integer-overflow-vulnerability proof-of-concept

August 17, 2011
0:00
Vuln: Apple Mac OS X Quicktime (CVE-2011-0256) Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Mac OS X Quicktime (CVE-2011-0256) Integer Overflow Vulnerability
Tags: integer vulnerability overflow apple-mac-os x-quicktime integer-overflow-vulnerability apple-mac-os-x

August 13, 2011
13:18
TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

13:18
TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

13:18
TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

August 11, 2011
21:55
TeeChart Professional Integer Overflow
» ‎ Packet Storm Security Advisories

TeeChart Professional suffers from an integer overflow vulnerability.
Tags: integer teechart professional integer-overflow-vulnerability

21:55
TeeChart Professional Integer Overflow
» ‎ Packet Storm Security Recent Files

TeeChart Professional suffers from an integer overflow vulnerability.
Tags: integer teechart professional integer-overflow-vulnerability

21:55
TeeChart Professional Integer Overflow
» ‎ Packet Storm Security Misc. Files

TeeChart Professional suffers from an integer overflow vulnerability.
Tags: integer teechart professional integer-overflow-vulnerability

August 10, 2011
21:45
iDefense Security Advisory 08.09.11 - Flash Player Integer Overflow
» ‎ Packet Storm Security Advisories

iDefense Security Advisory 08.09.11 - Remote exploitation of an integer overflow vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. During the allocation of an array within a certain internal ActionScript function, a size calculation may cause an integer value to overflow. This condition may lead to the bounds of an undersized array being overflown during a memory copy operation. This can result in arbitrary code execution.
Tags: integer idefense overflow integer-overflow-vulnerability arbitrary-code-execution idefense-security-advisory

21:45
iDefense Security Advisory 08.09.11 - Flash Player Integer Overflow
» ‎ Packet Storm Security Recent Files

iDefense Security Advisory 08.09.11 - Remote exploitation of an integer overflow vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. During the allocation of an array within a certain internal ActionScript function, a size calculation may cause an integer value to overflow. This condition may lead to the bounds of an undersized array being overflown during a memory copy operation. This can result in arbitrary code execution.
Tags: integer idefense overflow integer-overflow-vulnerability arbitrary-code-execution idefense-security-advisory

21:45
iDefense Security Advisory 08.09.11 - Flash Player Integer Overflow
» ‎ Packet Storm Security Misc. Files

iDefense Security Advisory 08.09.11 - Remote exploitation of an integer overflow vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. During the allocation of an array within a certain internal ActionScript function, a size calculation may cause an integer value to overflow. This condition may lead to the bounds of an undersized array being overflown during a memory copy operation. This can result in arbitrary code execution.
Tags: integer idefense overflow integer-overflow-vulnerability arbitrary-code-execution idefense-security-advisory

August 05, 2011
0:00
Vuln: Apple Mac OS X Quicktime (CVE-2011-0209) Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Mac OS X Quicktime (CVE-2011-0209) Integer Overflow Vulnerability
Tags: integer vulnerability overflow apple-mac-os x-quicktime integer-overflow-vulnerability apple-mac-os-x
July 26, 2011
0:00
Vuln: XMMS Skins Integer Overflow And Underflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

XMMS Skins Integer Overflow And Underflow Vulnerabilities
Tags: integer skins xmms xmms-skins integer-overflow underflow
July 22, 2011
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
July 21, 2011
0:00
Vuln: Apple Mac OS X CoreGraphics (CVE-2011-0202) Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Mac OS X CoreGraphics (CVE-2011-0202) Integer Overflow Vulnerability
Tags: integer vulnerability overflow x-coregraphics apple-mac-os integer-overflow-vulnerability apple-mac-os-x
0:00
Vuln: Apple Mac OS X ColorSync (CVE-2011-0200) Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Mac OS X ColorSync (CVE-2011-0200) Integer Overflow Vulnerability
Tags: integer vulnerability overflow x-colorsync apple-mac-os integer-overflow-vulnerability apple-mac-os-x

July 18, 2011
19:47
Iconics GENESIS32 Integer Overflow
» ‎ Packet Storm Security Exploits

Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which is caused by abusing the the memory allocations needed for the number of elements passed by the client. This results unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.
Tags: iconics integer overflow integer-overflow-vulnerability memory-allocations shell-session

19:47
Iconics GENESIS32 Integer Overflow
» ‎ Packet Storm Security Recent Files

Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which is caused by abusing the the memory allocations needed for the number of elements passed by the client. This results unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.
Tags: iconics integer overflow integer-overflow-vulnerability memory-allocations shell-session

19:47
Iconics GENESIS32 Integer Overflow
» ‎ Packet Storm Security Misc. Files

Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which is caused by abusing the the memory allocations needed for the number of elements passed by the client. This results unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.
Tags: iconics integer overflow integer-overflow-vulnerability memory-allocations shell-session

19:28
GDI+ CreateDashedPath Integer Overflow
» ‎ Packet Storm Security Exploits

GDI+ CreateDashedPath suffers from an integer overflow vulnerability in gdiplus.dll.
Tags: integer gdi createdashedpath integer-overflow-vulnerability dll

19:28
GDI+ CreateDashedPath Integer Overflow
» ‎ Packet Storm Security Recent Files

GDI+ CreateDashedPath suffers from an integer overflow vulnerability in gdiplus.dll.
Tags: integer gdi createdashedpath integer-overflow-vulnerability dll

19:28
GDI+ CreateDashedPath Integer Overflow
» ‎ Packet Storm Security Misc. Files

GDI+ CreateDashedPath suffers from an integer overflow vulnerability in gdiplus.dll.
Tags: integer gdi createdashedpath integer-overflow-vulnerability dll

July 16, 2011
21:00
[remote exploits] - Iconics GENESIS32 Integer overflow version 9.21.201.01
» ‎ 1337day (was: Inj3ct0r, 1337db)

[remote exploits] - Iconics GENESIS32 Integer overflow version 9.21.201.01
Tags: iconics integer genesis integer-overflow exploits

July 06, 2011
17:58
foobar2000 1.1.7 Integer Overflow
» ‎ Packet Storm Security Exploits

foobar2000 versions 1.1.7 and below suffer from an integer overflow vulnerability.
Tags: integer foobar overflow integer-overflow-vulnerability

17:58
foobar2000 1.1.7 Integer Overflow
» ‎ Packet Storm Security Recent Files

foobar2000 versions 1.1.7 and below suffer from an integer overflow vulnerability.
Tags: integer foobar overflow integer-overflow-vulnerability

July 01, 2011
6:14
Winamp 5.61 Heap / Integer Overflows
» ‎ Packet Storm Security Exploits

Winamp versions 5.61 and below suffer from multiple heap overflows and corruption and an integer overflow. Proof of concept code included.
Tags: integer heap winamp winamp-versions integer-overflow proof-of-concept

6:14
Winamp 5.61 Heap / Integer Overflows
» ‎ Packet Storm Security Recent Files

Winamp versions 5.61 and below suffer from multiple heap overflows and corruption and an integer overflow. Proof of concept code included.
Tags: integer heap winamp winamp-versions integer-overflow proof-of-concept

6:14
Winamp 5.61 Heap / Integer Overflows
» ‎ Packet Storm Security Misc. Files

Winamp versions 5.61 and below suffer from multiple heap overflows and corruption and an integer overflow. Proof of concept code included.
Tags: integer heap winamp winamp-versions integer-overflow proof-of-concept

June 29, 2011
0:00
Vuln: Apple Mac OS X Quicktime 'Apple Lossless Audio Codec' Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Mac OS X Quicktime 'Apple Lossless Audio Codec' Integer Overflow Vulnerability
Tags: integer audio codec apple-lossless apple-mac-os x-quicktime integer-overflow-vulnerability

June 28, 2011
17:39
Apple Safari WebKit Block Dimensions Handling Integer Overflow Vulnerability
» ‎ SecuriTeam

Apple Safari Contains a vulnerability is caused by an integer overflow error in the WebKit library when handling block dimensions.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: block integer webkit apple-safari integer-overflow-vulnerability overflow-error

0:00
Vuln: Apple Mac OS X JPEG-encoded TIFF Images Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Mac OS X JPEG-encoded TIFF Images Integer Overflow Vulnerability
Tags: jpeg-encoded integer overflow x-jpeg-encoded apple-mac-os tiff-images integer-overflow-vulnerability
0:00
Vuln: Ruby 'BigDecimal' Class Integer Truncation Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Ruby 'BigDecimal' Class Integer Truncation Remote Code Execution Vulnerability
Tags: integer bigdecimal class ruby code-execution class-integer vulnerability

June 08, 2011
17:46
Zero Day Initiative Advisory 11-189
» ‎ Packet Storm Security Advisories

Zero Day Initiative Advisory 11-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'ncl2' tag with an invalid value for DevCoords count it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
Tags: day zero integer heap-allocation memory-corruption oracle-java

17:46
Zero Day Initiative Advisory 11-189
» ‎ Packet Storm Security Recent Files

Zero Day Initiative Advisory 11-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'ncl2' tag with an invalid value for DevCoords count it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
Tags: day zero integer heap-allocation memory-corruption oracle-java

17:46
Zero Day Initiative Advisory 11-189
» ‎ Packet Storm Security Misc. Files

Zero Day Initiative Advisory 11-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'ncl2' tag with an invalid value for DevCoords count it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
Tags: day zero integer heap-allocation memory-corruption oracle-java

16:43
Zero Day Initiative Advisory 11-185
» ‎ Packet Storm Security Advisories

Zero Day Initiative Advisory 11-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'bfd ' tag it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
Tags: day zero integer heap-allocation memory-corruption color-profiles

16:43
Zero Day Initiative Advisory 11-185
» ‎ Packet Storm Security Recent Files

Zero Day Initiative Advisory 11-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'bfd ' tag it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
Tags: day zero integer heap-allocation memory-corruption color-profiles

16:43
Zero Day Initiative Advisory 11-185
» ‎ Packet Storm Security Misc. Files

Zero Day Initiative Advisory 11-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'bfd ' tag it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
Tags: day zero integer heap-allocation memory-corruption color-profiles

May 23, 2011
0:00
Vuln: Ruby 'BigDecimal' Class Integer Truncation Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Ruby 'BigDecimal' Class Integer Truncation Remote Code Execution Vulnerability
Tags: integer bigdecimal class ruby code-execution class-integer vulnerability
May 16, 2011
0:00
Vuln: FFmpeg Integer Overflow and Denial of Service Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

FFmpeg Integer Overflow and Denial of Service Vulnerabilities
Tags: ffmpeg integer overflow integer-overflow denial-of-service

April 11, 2011
17:15
Microsoft Reader 2.1.1.3143 / 2.6.1.7169 Integer Overflow
» ‎ Packet Storm Security Exploits

Microsoft Reader versions 2.1.1.3143 and below and versions 2.6.1.7169 and below suffer from an integer overflow caused by a controlled memmove. Proof of concept code included.
Tags: integer microsoft reader integer-overflow proof-of-concept microsoft-reader

17:15
Microsoft Reader 2.1.1.3143 / 2.6.1.7169 Integer Overflow
» ‎ Packet Storm Security Recent Files

Microsoft Reader versions 2.1.1.3143 and below and versions 2.6.1.7169 and below suffer from an integer overflow caused by a controlled memmove. Proof of concept code included.
Tags: integer microsoft reader integer-overflow proof-of-concept microsoft-reader

17:15
Microsoft Reader 2.1.1.3143 / 2.6.1.7169 Integer Overflow
» ‎ Packet Storm Security Misc. Files

Microsoft Reader versions 2.1.1.3143 and below and versions 2.6.1.7169 and below suffer from an integer overflow caused by a controlled memmove. Proof of concept code included.
Tags: integer microsoft reader integer-overflow proof-of-concept microsoft-reader
17:03
Microsoft Reader 2.1.1.3143 Integer Overflow
» ‎ Packet Storm Security Misc. Files

Microsoft Reader versions 2.1.1.3143 and below suffer from an integer overflow vulnerability during the handling of the number of pieces of the initial ITLS header at offset 0x10. Proof of concept code included.
Tags: integer microsoft reader integer-overflow-vulnerability proof-of-concept microsoft-reader

March 31, 2011
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2

March 27, 2011
9:02
XPDF T1lib Integer Overflows / Heap Corruption
» ‎ Packet Storm Security Advisories

The Linux version of xpdf is linked against t1lib, which is vulnerable to multiple vulnerabilities including off by ones, integer overflows and heap corruptions. At least one of those is exploitable and allows arbitrary code to be executed on the target machine when opening a specially crafted pdf file.
Tags: integer xpdf lib heap-corruption target-machine linux-version

9:02
XPDF T1lib Integer Overflows / Heap Corruption
» ‎ Packet Storm Security Recent Files

The Linux version of xpdf is linked against t1lib, which is vulnerable to multiple vulnerabilities including off by ones, integer overflows and heap corruptions. At least one of those is exploitable and allows arbitrary code to be executed on the target machine when opening a specially crafted pdf file.
Tags: integer xpdf lib heap-corruption target-machine linux-version

9:02
XPDF T1lib Integer Overflows / Heap Corruption
» ‎ Packet Storm Security Misc. Files

The Linux version of xpdf is linked against t1lib, which is vulnerable to multiple vulnerabilities including off by ones, integer overflows and heap corruptions. At least one of those is exploitable and allows arbitrary code to be executed on the target machine when opening a specially crafted pdf file.
Tags: integer xpdf lib heap-corruption target-machine linux-version

March 22, 2011
13:35
Apple Mac OS X ImageIO Integer Overflow
» ‎ Packet Storm Security Advisories

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.
Tags: integer ngs overflow mac-os tiff x-imageio dominic-chell apple-mac-os x-server arbitrary-code-execution mac-os-x-server

13:35
Apple Mac OS X ImageIO Integer Overflow
» ‎ Packet Storm Security Recent Files

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.
Tags: integer ngs overflow mac-os tiff x-imageio dominic-chell apple-mac-os x-server arbitrary-code-execution mac-os-x-server

13:35
Apple Mac OS X ImageIO Integer Overflow
» ‎ Packet Storm Security Misc. Files

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.
Tags: integer ngs overflow mac-os tiff x-imageio dominic-chell apple-mac-os x-server arbitrary-code-execution mac-os-x-server

March 16, 2011
0:00
Vuln: Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
Tags: integer kernel linux integer-overflow-vulnerability linux-kernel
February 01, 2011
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
December 21, 2010
0:00
Vuln: Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
Tags: integer kernel linux integer-overflow-vulnerability linux-kernel
December 17, 2010
0:00
Vuln: Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
Tags: integer kernel linux integer-overflow-vulnerability linux-kernel

December 10, 2010
5:42
PHP 5.3.3 Integer Overflow
» ‎ Packet Storm Security Exploits

PHP version 5.3.3 suffers from a NumberFormatter::getSymbol integer overflow vulnerability.
Tags: integer php overflow integer-overflow-vulnerability php-version numberformatter

December 07, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
November 29, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2

November 26, 2010
4:12
Ghostscript Library Off-By-One, Integer Overflow, Heap Corruption
» ‎ Packet Storm Security Advisories

An off by one in the library libgs.so.8 shipped with Ghostscript in versions 8.70 and below generates an integer overflow, which in turn produces a heap corruption, resulting in a (remote) Denial of Service (crash) in several applications using this library when processing a specially crafted font. This vulnerability cannot be exploited to execute arbitrary code under GNU/Linux x86, to the best of our knowledge. Other targets, in particular Windows have not been tested and may or may not allow execution of arbitrary code.
Tags: ghostscript integer library heap-corruption integer-overflow denial-of-service

4:12
Ghostscript Library Off-By-One, Integer Overflow, Heap Corruption
» ‎ Packet Storm Security Recent Files

An off by one in the library libgs.so.8 shipped with Ghostscript in versions 8.70 and below generates an integer overflow, which in turn produces a heap corruption, resulting in a (remote) Denial of Service (crash) in several applications using this library when processing a specially crafted font. This vulnerability cannot be exploited to execute arbitrary code under GNU/Linux x86, to the best of our knowledge. Other targets, in particular Windows have not been tested and may or may not allow execution of arbitrary code.
Tags: ghostscript integer library heap-corruption integer-overflow denial-of-service

4:12
Ghostscript Library Off-By-One, Integer Overflow, Heap Corruption
» ‎ Packet Storm Security Misc. Files

An off by one in the library libgs.so.8 shipped with Ghostscript in versions 8.70 and below generates an integer overflow, which in turn produces a heap corruption, resulting in a (remote) Denial of Service (crash) in several applications using this library when processing a specially crafted font. This vulnerability cannot be exploited to execute arbitrary code under GNU/Linux x86, to the best of our knowledge. Other targets, in particular Windows have not been tested and may or may not allow execution of arbitrary code.
Tags: ghostscript integer library heap-corruption integer-overflow denial-of-service

November 23, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
November 22, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
November 09, 2010
0:00
Vuln: Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
Tags: integer kernel linux integer-overflow-vulnerability linux-kernel

November 05, 2010
14:01
MDVSA-2010-221.txt
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2010-221 - OpenOffice.org software suffers from multiple issues. Multiple vulnerabilities was discovered and corrected in the Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. Heap-based buffer overflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. Integer underflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. Other issues have also been addressed.
Tags: integer code overflow based-buffer-overflow integer-overflow denial-of-service

14:00
MDVSA-2010-221.txt
» ‎ Packet Storm Security Advisories

Mandriva Linux Security Advisory 2010-221 - OpenOffice.org software suffers from multiple issues. Multiple vulnerabilities was discovered and corrected in the Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. Heap-based buffer overflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. Integer underflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. Other issues have also been addressed.
Tags: integer code overflow based-buffer-overflow integer-overflow denial-of-service

November 02, 2010
0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow
October 29, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
October 19, 2010
0:00
Vuln: WebKit Integer Truncation TCP Port Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

WebKit Integer Truncation TCP Port Information Disclosure Vulnerability
Tags: integer webkit truncation information-disclosure-vulnerability
October 18, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
October 14, 2010
0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow
October 08, 2010
0:00
Vuln: Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
Tags: integer kernel linux integer-overflow-vulnerability linux-kernel
October 07, 2010
0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow

October 06, 2010
13:42
SWFTools Two Integer Overflow Vulnerabilities
» ‎ SecuriTeam

Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: integer swftools overflow integer-overflow safer-use s-system

0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
September 29, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
September 27, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
September 24, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
September 22, 2010
0:00
Vuln: Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
Tags: integer kernel linux integer-overflow-vulnerability linux-kernel
September 21, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2
September 20, 2010
0:00
Vuln: bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
Tags: integer function bzip integer-overflow-vulnerability bzip2

September 02, 2010
22:01
glsa-201009-01.txt
» ‎ Packet Storm Security Recent Files

Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected.
Tags: wxgtk overflow integer integer-overflow-vulnerability gentoo-linux-security based-buffer-overflow

22:01
glsa-201009-01.txt
» ‎ Packet Storm Security Advisories

Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected.
Tags: wxgtk overflow integer integer-overflow-vulnerability gentoo-linux-security based-buffer-overflow

August 13, 2010
9:01
secunia-swftools.txt
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. An integer overflow error within the getPNG() function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. An integer overflow error within the jpeg_load() function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.
Tags: overflow integer jpeg based-buffer-overflow overflow-error integer-overflow

9:00
secunia-swftools.txt
» ‎ Packet Storm Security Advisories

Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. An integer overflow error within the getPNG() function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. An integer overflow error within the jpeg_load() function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.
Tags: overflow integer jpeg based-buffer-overflow overflow-error integer-overflow

July 30, 2010
21:37
Winamp Player FLV Data Processing Integer Overflow Vulnerabilities
» ‎ SecuriTeam

Integer overflow vulnerabilities were discovered in Winamp Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: integer player winamp integer-overflow winamp-player safer-use

July 26, 2010
20:33
USN-958-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.
Tags: overflow integer thunderbird chris-evans dalili css-selectors integer-overflow png-images

July 23, 2010
13:36
USN-930-4.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
Tags: ubuntu integer firefox martin-barbella integer-overflow barbella http-header

13:34
USN-930-4.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
Tags: ubuntu integer firefox martin-barbella integer-overflow barbella http-header

July 01, 2010
0:01
USN-930-3.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 930-3 - USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
Tags: problem integer firefox martin-barbella integer-overflow barbella http-header

0:00
USN-930-3.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 930-3 - USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
Tags: problem integer firefox martin-barbella integer-overflow barbella http-header

June 29, 2010
21:05
USN-930-1.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 930-1 - If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
Tags: overflow integer firefox martin-barbella integer-overflow barbella http-header

21:02
USN-930-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 930-1 - If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
Tags: overflow integer firefox martin-barbella integer-overflow barbella http-header

June 28, 2010
16:56
Ziproxy Multiple Integer Overflow Vulnerabilities
» ‎ SecuriTeam

Two vulnerabilities were discovered in Ziproxy, which can be exploited by malicious people to compromise a vulnerable system.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: integer multiple ziproxy integer-overflow safer-use penetration
16:41
Ziproxy Multiple Integer Overflow Vulnerabilities
» ‎ SecuriTeam

Two vulnerabilities were discovered in Ziproxy, which can be exploited by malicious people to compromise a vulnerable system.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: integer multiple ziproxy integer-overflow safer-use penetration
June 10, 2010
11:49
Apple Safari ColorSync Profile Integer Overflow Vulnerability
» ‎ SecuriTeam

An Integer Overflow Vulnerability was discoveredin Apple's Safari Web Browser.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: integer vulnerability overflow apple-safari integer-overflow-vulnerability colorsync-profile

0:00
Vuln: WebKit Integer Truncation TCP Port Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

WebKit Integer Truncation TCP Port Information Disclosure Vulnerability
Tags: integer webkit truncation information-disclosure-vulnerability

June 03, 2010
22:01
glsa-201006-15.txt
» ‎ Packet Storm Security Recent Files

Gentoo Linux Security Advisory 201006-15 - Multiple integer overflow errors in XEmacs might allow remote, user-assisted attackers to execute arbitrary code. Tielei Wang reported multiple integer overflow vulnerabilities in the tiff_instantiate(), png_instantiate() and jpeg_instantiate() functions in glyphs-eimage.c, all possibly leading to heap-based buffer overflows. Versions less than 21.4.22-r1 are affected.
Tags: overflow integer instantiate gentoo-linux-security overflow-errors integer-overflow

22:00
glsa-201006-15.txt
» ‎ Packet Storm Security Advisories

Gentoo Linux Security Advisory 201006-15 - Multiple integer overflow errors in XEmacs might allow remote, user-assisted attackers to execute arbitrary code. Tielei Wang reported multiple integer overflow vulnerabilities in the tiff_instantiate(), png_instantiate() and jpeg_instantiate() functions in glyphs-eimage.c, all possibly leading to heap-based buffer overflows. Versions less than 21.4.22-r1 are affected.
Tags: overflow integer instantiate gentoo-linux-security overflow-errors integer-overflow
June 01, 2010
22:00
glsa-201006-03.txt
» ‎ Packet Storm Security Advisories

Gentoo Linux Security Advisory 201006-3 - An integer overflow in ImageMagick might allow remote attackers to cause the remote execution of arbitrary code. Tielei Wang has discovered that the XMakeImage() function in magick/xwindow.c is prone to an integer overflow, possibly leading to a buffer overflow. Versions less than 6.5.2.9 are affected.
Tags: overflow glsa integer gentoo-linux-security integer-overflow buffer-overflow

19:00
glsa-201006-02.txt
» ‎ Packet Storm Security Recent Files

Gentoo Linux Security Advisory 201006-2 - Multiple integer overflows in CamlImages might result in the remote execution of arbitrary code. Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660). Versions less than 3.0.2 are affected.
Tags: file integer png gentoo-linux-security png-file buffer-overflows

19:00
glsa-201006-02.txt
» ‎ Packet Storm Security Advisories

Gentoo Linux Security Advisory 201006-2 - Multiple integer overflows in CamlImages might result in the remote execution of arbitrary code. Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660). Versions less than 3.0.2 are affected.
Tags: file integer png gentoo-linux-security png-file buffer-overflows

May 24, 2010
23:01
secunia-ziproxy.txt
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered two vulnerabilities in Ziproxy, which can be exploited by malicious people to compromise a vulnerable system. An integer overflow within the jpg2bitmap() function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted JPG images. An integer overflow within the png2bitmap() function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. Ziproxy version 3.0.0 is affected.
Tags: overflow integer ziproxy based-buffer-overflow integer-overflow png-images

23:00
secunia-ziproxy.txt
» ‎ Packet Storm Security Advisories

Secunia Research has discovered two vulnerabilities in Ziproxy, which can be exploited by malicious people to compromise a vulnerable system. An integer overflow within the jpg2bitmap() function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted JPG images. An integer overflow within the png2bitmap() function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. Ziproxy version 3.0.0 is affected.
Tags: overflow integer ziproxy based-buffer-overflow integer-overflow png-images

14:56
Apple iTunes ColorSync Profile Integer Overflow Vulnerability
» ‎ SecuriTeam

A Integer Overflow vulnerability was discovered in Apple iTunes.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: integer vulnerability overflow apple-itunes integer-overflow-vulnerability colorsync-profile

May 12, 2010
0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow

May 06, 2010
1:00
Microsoft Paint Integer Overflow Vulnerability (DoS) MS10-005
» ‎ 1337day (was: Inj3ct0r, 1337db)

Microsoft Paint Integer Overflow Vulnerability (DoS) MS10-005
Tags: integer microsoft paint integer-overflow-vulnerability microsoft-paint ms10

0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow

April 29, 2010
17:00
MDVSA-2010-086.txt
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2010-086 - Multiple vulnerabilities has been found and corrected in kpdf (kdegraphics). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. The updated packages have been patched to correct these issues.
Tags: integer overflow kpdf null-pointer-dereference based-buffer-overflow mandriva-linux

17:00
MDVSA-2010-086.txt
» ‎ Packet Storm Security Advisories

Mandriva Linux Security Advisory 2010-086 - Multiple vulnerabilities has been found and corrected in kpdf (kdegraphics). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. The updated packages have been patched to correct these issues.
Tags: integer overflow kpdf null-pointer-dereference based-buffer-overflow mandriva-linux

0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow

April 16, 2010
20:00
04.15.10-2.txt
» ‎ Packet Storm Security Recent Files

iDefense Security Advisory 04.15.10 - Remote exploitation of an integer overflow vulnerability within AgentX++, as distributed with multiple vendors' products, allows attackers to execute arbitrary code with the privileges of the AgentX master process. This vulnerability exists within the AgentX::receive_agentx function. If an attacker sends a request specifying the maximum 32-bit integer as the payload length, adding one will cause an integer overflow, resulting in the allocation of a 0 size buffer. Since an attacker can send as much, or as little, data as they wish, they can overflow the allocated heap buffer by an arbitrary amount.
Tags: agentx overflow integer integer-overflow-vulnerability idefense-security-advisory arbitrary-code

20:00
04.15.10-2.txt
» ‎ Packet Storm Security Advisories

iDefense Security Advisory 04.15.10 - Remote exploitation of an integer overflow vulnerability within AgentX++, as distributed with multiple vendors' products, allows attackers to execute arbitrary code with the privileges of the AgentX master process. This vulnerability exists within the AgentX::receive_agentx function. If an attacker sends a request specifying the maximum 32-bit integer as the payload length, adding one will cause an integer overflow, resulting in the allocation of a 0 size buffer. Since an attacker can send as much, or as little, data as they wish, they can overflow the allocated heap buffer by an arbitrary amount.
Tags: agentx overflow integer integer-overflow-vulnerability idefense-security-advisory arbitrary-code

April 05, 2010
0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow
April 03, 2010
0:00
Vuln: Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
Tags: integer vulnerability overflow apple-safari integer-overflow-vulnerability

March 26, 2010
21:28
Autonomy KeyView OLE Document Integer Overflow Vulnerability
» ‎ SecuriTeam

Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: keyview integer autonomy integer-overflow-vulnerability safer-use arbitrary-code
21:26
Autonomy KeyView OLE Document Integer Overflow Vulnerability
» ‎ SecuriTeam

Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: keyview integer autonomy integer-overflow-vulnerability safer-use arbitrary-code
March 18, 2010
22:15
RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability
» ‎ SecuriTeam

Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.'s Real Player could allow an attacker to execute arbitrary code with the privileges of the current user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: integer realnetworks overflow integer-overflow-vulnerability realnetworks-inc safer-use

March 15, 2010
0:00
Vuln: CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
Tags: integer cups cupsimagereadtiff integer-overflow-vulnerability

March 05, 2010
15:00
03.04.10-1.txt
» ‎ Packet Storm Security Recent Files

iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.
Tags: overflow integer buffer integer-overflow-vulnerability buffer-overflow-condition idefense-security-advisory

14:00
03.04.10-1.txt
» ‎ Packet Storm Security Advisories

iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.
Tags: overflow integer buffer integer-overflow-vulnerability buffer-overflow-condition idefense-security-advisory

0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow
February 26, 2010
0:00
Vuln: FreeType Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

FreeType Multiple Integer Overflow Vulnerabilities
Tags: integer multiple freetype integer-overflow
February 22, 2010
0:00
Vuln: Xpdf Multiple Integer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Xpdf Multiple Integer Overflow Vulnerabilities
Tags: integer multiple xpdf integer-overflow

February 01, 2010
19:00
02.01.10-2.txt
» ‎ Packet Storm Security Recent Files

iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.'s Real Player could allow an attacker to execute arbitrary code with the privileges of the current user. This problem specifically exists in the CMediumBlockAllocator::Alloc method. When calculating the size of a memory allocation, an integer overflow occurs. This leads to heap corruption, which can result in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Real Player versions 10.5 (build 6.0.12.883) and 11 (build 6.0.14.738) on Windows. Other versions may also be affected.
Tags: idefense overflow integer integer-overflow-vulnerability heap-corruption realnetworks-inc

19:00
02.01.10-2.txt
» ‎ Packet Storm Security Advisories

iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.'s Real Player could allow an attacker to execute arbitrary code with the privileges of the current user. This problem specifically exists in the CMediumBlockAllocator::Alloc method. When calculating the size of a memory allocation, an integer overflow occurs. This leads to heap corruption, which can result in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Real Player versions 10.5 (build 6.0.12.883) and 11 (build 6.0.14.738) on Windows. Other versions may also be affected.
Tags: idefense overflow integer integer-overflow-vulnerability heap-corruption realnetworks-inc

January 22, 2010

Permalink for 'Ruby, Nmap XML, and Databases'

6:45

Ruby, Nmap XML, and Databases

» ‎ Carnal0wnage

So I had a requirement to take some output from nmap scans, shove it into a database and then be able to run some queries on that data.

Wait, isn't there something that already does that?!

Actually PBNJ and nmap_xml2sql.pl will do this but uses (eeeek!) perl to do it. I wanted to do it in Ruby.

Your options for Ruby & Nmap parsing are:

-rubynmap http://rubynmap.sourceforge.net/
-ruby-nmap http://ruby-nmap.rubyforge.org/
-metasploit has its own nmap xml parser
-writing your own

I started with rubynmap for my parsing gem.
(Note: use the svn version. the version # hasn't changed but the svn version works alot better)

I stole the schema from nmap_xml2sql and added a few things and a scripts table for nmap scripts output and tried shoving that into a sqlite3 database.

TABLE nmap (
               sid INTEGER PRIMARY KEY AUTOINCREMENT,
               version TEXT,
               xmlversion TEXT,
               args TEXT,
               types TEXT,
               starttime INTEGER,
               startstr TEXT,
               endtime INTEGER,
               endstr TEXT,
               numservices INTEGER)

TABLE hosts (
               sid INTEGER,
               hid INTEGER PRIMARY KEY AUTOINCREMENT,
               ip4 TEXT,
               ip4num INTEGER,
               hostname TEXT,
               status TEXT,
               tcpcount INTEGER,
               udpcount INTEGER,
               mac TEXT,
               vendor TEXT,
               ip6 TEXT,
               distance INTEGER,
               uptime TEXT,
               upstr TEXT)

----SNIP----

This "works" but sqlite3 doesn't seem to actually support foreign keys. So while I was correctly assigning a SID value in nmap that value wasn't linking up in hosts and the HID value in subsequent tables. If I'm wrong here please let me know if this works for you as written. For me in populates with nulls and I don't see how its linking back to the tables.

cg@ihatesql:~$ sqlite3 nmap
SQLite version 3.6.21
sqlite> .dump nmap
CREATE TABLE nmap (
                sid INTEGER PRIMARY KEY AUTOINCREMENT,
                nmapversion TEXT,
                xmlversion TEXT,
                args TEXT,
                types TEXT,
                starttime INTEGER,
                startstr TEXT,
                endtime INTEGER,
                endstr TEXT,
                numservices INTEGER);
INSERT INTO "nmap" VALUES(1,'4.90RC1','1.03','nmap -A -oX test.xml 209.20.85.250','connect',1262181807,'Wed Dec 30 09:03:27 2009',1262181814,'Wed Dec 30 09:03:34 2009',1000);
COMMIT;

sqlite> .dump hosts
CREATE TABLE hosts (
                sid INTEGER ,
                hid INTEGER PRIMARY KEY AUTOINCREMENT,
                ip4num INTEGER,  
                hostname TEXT,
                status TEXT,           
                mac TEXT,
                vendor TEXT,
                ip6 TEXT,   
                distance INTEGER,
                uptime TEXT,
                starttime INTEGER,
                endtime INTEGER,
        );
INSERT INTO "hosts" VALUES(NULL,1,'209.20.85.250','209-20-85-250.slicehost.net','up','','','','','',1262181807,1262181814);
COMMIT;

so we can see that the SID and HID are correctly auto incrementing but the SID didn't make it into the hosts table

**Actually sqlite3 as of 3.6.19 supports foreign keys...by adding a
FOREIGN KEY(sid) REFERENCES nmap(sid) to the hosts table and so on. And by declaring PRAGMA foreign_keys = ON.

BUT I still couldn't get it to work.

doing a db.execute("PRAGMA foreign_keys = ON") wasn't working for me. I received no errors but doing a dump on the table would list the foreign key support as OFF :-( maybe its a gem issue?

So to cheat I added ip4num, ip6, hostname to tables i knew I'd be querying a lot like ports and scripts.


      CREATE TABLE ports (
                  hid INTEGER,
                  ip4num INTEGER,
                  ip6 TEXT,
                  port INTEGER,
                  state TEXT,
                  reason TEXT,
                  name TEXT,
                  tunnel TEXT,
                  product TEXT,
                  version TEXT,
                  extra TEXT,
                  confidence INTEGER,
                  method TEXT,
                  proto TEXT,
                  owner TEXT,   
                  rpcnum TEXT,
                  fingerprint TEXT,
          FOREIGN KEY(hid) REFERENCES hosts(hid)
          )

That way, querying for open ports or specific versions of a service were possible and I could still get an IP associated with that. A bit harder to pull all that information together but still there and a select * from ports; or select ip4num from ports where port = 1521; would return quick results.

So code or it didn't happen...

nmap-parse takes an nmap xml file and spits out some of the results
http://carnal0wnage.attackresearch.com/sites/default/files/nmap-parse.txt

rubynmapsqlite3 takes an nmapfile and database name (optional), creates or connects to the database, populates the tables if it needs to, parses the nmap xml and puts it into its appropriate tables.
http://carnal0wnage.attackresearch.com/sites/default/files/nmapsqlite3.txt

ruby-nmap-parse uses the ruby-nmap gem to parse nmap xml files
http://carnal0wnage.attackresearch.com/sites/default/files/ruby-nmap-parse.txt

caveats:
-my ruby coding sucks.
-my SQL coding sucks worse.
-code is released in "works for me" status
-send diffs not complaints :-) unless you go crazy with it, in which case just send me a link to your code

Next up pushing that data into a postgres database instead of sqlite3.

jetlib.sec » Tags » integer

Feeds

170 items tagged "integer"

Tags: org integer openoffice overflow-error integer-overflow dll-module

Tags: integer glibc gnu integer-overflow nargs

Tags: integer framework net integer-overflow-vulnerability heap corruption

Tags: integer framework net integer-overflow-vulnerability heap corruption

Tags: integer framework net integer-overflow-vulnerability heap corruption

Tags: integer glibc gnu integer-overflow nargs

Tags: integer glibc gnu integer-overflow nargs

Tags: integer glibc gnu integer-overflow nargs

Tags: integer vulnerability overflow x-cve- apple-mac-os integer-overflow-vulnerability apple-mac-os-x

Tags: integer mozilla firefox integer-overflow mozilla-firefox array

Tags: integer mozilla firefox integer-overflow mozilla-firefox array

Tags: integer mozilla firefox integer-overflow mozilla-firefox array

Tags: integer xnview heap integer-overflow proof-of-concept

Tags: integer xnview heap integer-overflow proof-of-concept

Tags: integer xnview heap integer-overflow proof-of-concept

Tags: integer array opera integer-overflow-vulnerability overflow-code array-functions

Tags: integer array opera integer-overflow-vulnerability overflow-code array-functions

Tags: integer array opera integer-overflow-vulnerability overflow-code array-functions

Tags: array opera integer integer-overflow bugtraq

Tags: integer overflow winamp avi avi-processing based-buffer-overflow overflow-error integer-overflow

Tags: integer overflow winamp avi avi-processing based-buffer-overflow overflow-error integer-overflow

Tags: integer overflow winamp avi avi-processing based-buffer-overflow overflow-error integer-overflow

Tags: java integer oracle overflow-error integer-overflow oracle-java

Tags: java integer oracle overflow-error integer-overflow oracle-java

Tags: java integer oracle overflow-error integer-overflow oracle-java

Tags: java integer oracle overflow-error integer-overflow oracle-java

Tags: integer overflow apache integer-overflow htaccess-file arbitrary-code

Tags: integer overflow apache integer-overflow htaccess-file arbitrary-code

Tags: integer overflow apache integer-overflow htaccess-file arbitrary-code

Tags: integer plotlinecentral overflow integer-overflow-vulnerability

Tags: integer plotlinecentral overflow integer-overflow-vulnerability

Tags: integer plotlinecentral overflow integer-overflow-vulnerability

Tags: integer function bzip integer-overflow-vulnerability bzip2

Tags: integer mozilla firefox integer-overflow array

Tags: integer mozilla firefox integer-overflow array

Tags: bugtraq integer overflow sterling-trader integer-overflow sterling

Tags: integer vulnerability overflow sterling-trader integer-overflow-vulnerability sterling

Tags: integer vulnerability overflow sterling-trader integer-overflow-vulnerability sterling

Tags: integer vulnerability overflow sterling-trader integer-overflow-vulnerability sterling

Tags: integer remote overflow sterling-trader integer-overflow-vulnerability sterling

Tags: integer idefense vulnerability idefense-security-advisory microsoft-corp arbitrary-code

Tags: integer idefense vulnerability idefense-security-advisory microsoft-corp arbitrary-code

Tags: integer cogent datahub integer-overflow-vulnerability proof-of-concept

Tags: integer cogent datahub integer-overflow-vulnerability proof-of-concept

Tags: integer vulnerability overflow apple-mac-os x-quicktime integer-overflow-vulnerability apple-mac-os-x

Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

Tags: integer teechart professional integer-overflow-vulnerability

Tags: integer teechart professional integer-overflow-vulnerability

Tags: integer teechart professional integer-overflow-vulnerability

Tags: integer idefense overflow integer-overflow-vulnerability arbitrary-code-execution idefense-security-advisory

Tags: integer idefense overflow integer-overflow-vulnerability arbitrary-code-execution idefense-security-advisory

Tags: integer idefense overflow integer-overflow-vulnerability arbitrary-code-execution idefense-security-advisory

Tags: integer vulnerability overflow apple-mac-os x-quicktime integer-overflow-vulnerability apple-mac-os-x

Tags: integer skins xmms xmms-skins integer-overflow underflow

Tags: integer function bzip integer-overflow-vulnerability bzip2

Tags: integer vulnerability overflow x-coregraphics apple-mac-os integer-overflow-vulnerability apple-mac-os-x

Tags: integer vulnerability overflow x-colorsync apple-mac-os integer-overflow-vulnerability apple-mac-os-x

Tags: iconics integer overflow integer-overflow-vulnerability memory-allocations shell-session

Tags: iconics integer overflow integer-overflow-vulnerability memory-allocations shell-session

Tags: iconics integer overflow integer-overflow-vulnerability memory-allocations shell-session

Tags: integer gdi createdashedpath integer-overflow-vulnerability dll

Tags: integer gdi createdashedpath integer-overflow-vulnerability dll

Tags: integer gdi createdashedpath integer-overflow-vulnerability dll

Tags: iconics integer genesis integer-overflow exploits

Tags: integer foobar overflow integer-overflow-vulnerability

Tags: integer foobar overflow integer-overflow-vulnerability

Tags: integer heap winamp winamp-versions integer-overflow proof-of-concept

Tags: integer heap winamp winamp-versions integer-overflow proof-of-concept

Tags: integer heap winamp winamp-versions integer-overflow proof-of-concept

Tags: integer audio codec apple-lossless apple-mac-os x-quicktime integer-overflow-vulnerability

Tags: block integer webkit apple-safari integer-overflow-vulnerability overflow-error