adb (Android Debug Bridge) backup and restore suffers from a traversal vulnerability where a file with a malicious name can overwrite files outside of the appropriate directory.
eb3ffd09ecd5ca06060be0c442a3edcedfc027d3e35c7c125ecb2c9c47604770In this paper the author demonstrates how spinning hard-drives' service areas can be used to hide data from the operating-system (or any software using the standard OS's API or the standard ATA commands to access the hard-drive). These reserved areas are used by hard-drive vendors to store modules that in turn operate the drive, and in a sense, together with the ROM, serve as the hard-drive’s internal storage and OS. By sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these areas to read and write data that are otherwise inaccessible. This should not be confused with DCO or HPA which can be easily detected, removed and accessed via standard ATA commands.
56c7d0d4187efd4b11c8476ff27ccc113b0205c32f936a78c17c88cafa947b3dThree buffer overflows have been discovered in xloadimage during the handling of the image title name. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. At that point, it will also copy the title from the old image to the newly created image. The 'zoom', 'reduce', and 'rotate' functions are using a fixed length buffer to construct the new title name when an image processing is done. Since the title name in a NIFF format is of varying length, and there are insufficient buffer size validations, the buffer can be overflowed. Proof of concept files included.
d6405d0250103efa153a79199d053e8ec209db2107cbb6bbed5155b986e00757A buffer overflow vulnerability exists in the Yanf news fetcher utility version 0.4.
877eee2f42cbd1fbc93e5f7b498d7e966f2d625fc7823cb2e7dcd7ce37052da0Vilistextum version 2.6.6 is susceptible to a buffer overflow in the get_attr() function.
3647ccca69811067c47b4f3ca914498ff7ba6d96d57aa902ef52f5d4d65c7f20Bolthole Filter 2.6.1 is susceptible to a buffer overflow in the save_embedded_address() function.
e81216105c9e6872a277520889e10eb6ed145339886c78f8534bc7ae33ead91aDXFscope version 0.2 is susceptible to a buffer overflow in the dxfin() function.
34369099fb355879ef5d0da41977d60a2e86ad54487c2f236eb122ab38a89cafchangepassword version 0.8 fails to use a trusted path when calling make.
da1061e9de0ae066f6c2d658e82865131a2705010fda490fa62cb52b0630431fConvex 3D version 0.8pre1 is susceptible to a boundary error condition in the readObjectChunk() function that can result in arbitrary code execution.
c0be34234c7b7ee264a7e65fbf8b54ae365a38cebd00de455fee697c1b176833A boundary error in the ParseCommand() function of CUPS version 1.x allows for a buffer overflow attack.
9ccc61dd6cf89fb1b7ef2aaa8f5dfe79a4ba5c2dd48a1000eff91a3631981c4cA boundary error condition in xine-lib versions 1-rc5 and 1-rc7 allows for arbitrary code execution.
16d1652200dbbf84c39bd07bfd776f45e532758e649d978d1e7bc23cbbbd270fA boundary error condition in ArBas 2fax allow for arbitrary code execution. Version 3.04 was found susceptible.
356e87e258b9ac8d5fb03c4ec8826e44b8b471af4e4c8bba86981353f2aa2447
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed