what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow
Posted Jul 28, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-0131
SHA-256 | 79ff156cf917fb691f4b17bdbfad5cb0a6cc061edf41a7bcd72b346f6913a832

Related Files

Clam AntiVirus parsehwp3_paragraph() Denial Of Service
Posted Jul 13, 2018
Authored by Laurent Delosieres | Site secunia.com

Secunia Research has discovered a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parsehwp3_paragraph()" function (libclamav/hwp.c) can be exploited to trigger an infinite loop via a specially crafted Hangul Word Processor file. The vulnerability is confirmed in version 0.100.0 and reported in versions prior to 0.100.1.

tags | advisory, denial of service, overflow
advisories | CVE-2018-0360
SHA-256 | 35de8f1d0b377601d9193972f01694233332853eeac0bf4ef7798aa8df394deb
HP Security Bulletin HPSBGN03643 1
Posted Nov 8, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03643 1 - Potential security vulnerabilities have been identified in the Filter SDK component of HPE KeyView. These vulnerabilities could be exploited remotely to allow code execution. Revision 1 of this advisory.

tags | advisory, vulnerability, code execution
advisories | CVE-2016-4402, CVE-2016-4403, CVE-2016-4404
SHA-256 | 5fcf168a5e11f3ffa6c1e51ce1fa0dd0bfe6ab355c1e3756e5301a956e6c100a
HP Security Bulletin HPSBGN03639 1
Posted Oct 5, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03639 1 - A potential security vulnerability has been identified in HPE KeyView. The vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.

tags | advisory, code execution
advisories | CVE-2016-4387, CVE-2016-4388, CVE-2016-4389, CVE-2016-4390
SHA-256 | ad870e799f99454ad629da5f592d1255669c940f72b247fcf719a8620fb2255c
HP Security Bulletin HPSBGN03395 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, freebsd, aix, hpux
advisories | CVE-2015-5416, CVE-2015-5417, CVE-2015-5418, CVE-2015-5419, CVE-2015-5420, CVE-2015-5421, CVE-2015-5422, CVE-2015-5423, CVE-2015-5424
SHA-256 | d4943331c6e9bd04dfbd5d772d43f3cfb604cd0b207c5e286fdb599dbf4649c0
HP Security Bulletin HPSBGN03395 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, freebsd, aix, hpux
advisories | CVE-2015-5416, CVE-2015-5417, CVE-2015-5418, CVE-2015-5419, CVE-2015-5420, CVE-2015-5421, CVE-2015-5422, CVE-2015-5423, CVE-2015-5424
SHA-256 | d4943331c6e9bd04dfbd5d772d43f3cfb604cd0b207c5e286fdb599dbf4649c0
Secunia Security Advisory 51362
Posted Nov 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 4eb9ed412aeba9d80bb03dd7ef5870eeed6cea985428b3ea3443ad3e39ef210f
Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow
Posted Sep 3, 2012
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Photoshop, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by insufficient validation in Photoshop.exe when decompressing SGI24LogLum-compressed TIFF images. This can be exploited via a specially crafted TIFF image to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2012-0275
SHA-256 | 5b250b817b803791ecb2d09e8b49b1e908f5a7faf39121b38e3d74b57f9b9b57
Citrix Access Gateway Plug-in For Windows nsepacom Integer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2593
SHA-256 | e3fca65bdb01a3b7b24ef54cae23d5e08cd0034667d410d5364cab845d4fe8a7
Secunia Security Advisory 44225
Posted Oct 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered three vulnerabilities in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 754391f1068eba24371539d6d1d2ae3d5631e06756a2b55ac1a7d439697e519b
Autonomy Keyview Ichitaro Object Reconstruction Logic
Posted Oct 7, 2011
Site secunia.com

Secunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a logic error in the Ichitaro speed reader (jtdsr.dll) when attempting to reconstruct higher-level objects and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2011-0339
SHA-256 | d5e75933e09e845ef137f1e214acd3daba62b091b867d3f86c99c49c4fb8a1bd
Autonomy Keyview Ichitaro Text Parsing Buffer Overflow
Posted Oct 7, 2011
Site secunia.com

Secunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Ichitaro speed reader (jtdsr.dll) when parsing "Text" chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2011-0338
SHA-256 | d4c58b78a917a3975cccd3fd186aa9b3e2b0fa0d8eb7ac3c3fa3f6db6467cd41
Autonomy Keyview Ichitaro QLST Integer Overflow
Posted Oct 7, 2011
Site secunia.com

Secunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer overflow error in the Ichitaro speed reader (jtdsr.dll) when parsing QLST chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2011-0337
SHA-256 | d24cd05a6e4d709be1e57e4e15c52c15b5a2ed2e2c1e3e61fc50b6f372182659
Cyrus IMAPd NTTP Authentication Bypass
Posted Oct 5, 2011
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by an error in the authentication mechanism of the NNTP server. This can be exploited to bypass the authentication process and execute commands intended for authenticated users only by sending an "AUTHINFO USER" command without a following "AUTHINFO PASS" command. Versions 2.4.10 and 2.4.11 are affected.

tags | advisory
SHA-256 | a527d453cfb32475e8deb8f919bc978fc3f901cd5b277252506bccdd46d12b1f
Secunia Security Advisory 44820
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 38c3992e122115cbe73086538823f318de0eecaedb496f3811961389ccea2f34
Secunia Security Advisory 44736
Posted May 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Autonomy Keyview, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 97000a66520d0db28232bbee1bc1a211d7a3c38ddd1113cd12ffed6d5c245e29
Adobe Shockwave Player "DEMX" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file as a function does not reallocate a buffer to contain a section of data as expected, but another function to still copy chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-2582
SHA-256 | 0520606f6722058230d81d2805a4528a191ff0ab419df32cfb2367dc2efaca0c
Adobe Shockwave Player "pamm" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-2581
SHA-256 | a3e29c613af64c8ecff2b697ddfc189577bbb6d153195c683e72b4cc58a495ab
Zero Day Initiative Advisory 10-159
Posted Aug 24, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed .wk3 document. The application will trust a length specified in the file in order to read a number of bytes into a statically allocated buffer. This leads to a buffer overflow and can lead to code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 07a662e823b1c48b0488fa5bf4785655dac16efed3acf3a179e4943e49c57461
Zero Day Initiative Advisory 10-158
Posted Aug 24, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-158 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed .wk3 document. The application will mistrust a length used to allocate a buffer. Later, the application will use a differently calculated length in a copy used to initialize that buffer. This leads to a buffer overflow and can lead to code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | aa87f560104a2a07040f49eb78c2fb02bb94b9f1b12d0051ae242816f00c2219
Zero Day Initiative Advisory 10-157
Posted Aug 24, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-157 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a Word document containing a malformed shape. The application will calculate a length incorrectly when using it to copy data into an allocated buffer. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
SHA-256 | 7eaf4e9fe75b91866e7e1361b85fa2bbff07b8b435ecbe5a0e508954308f6770
Zero Day Initiative Advisory 10-156
Posted Aug 24, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-156 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed Word document. The application will copy an arbitrarily sized ASCII string representing the font name into a constant sized buffer located on the stack. If large enough this will lead to a buffer overflow and can lead to code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 1949c349f722e2055cfd9da3a013ef7d87d2575f0c7c3471abed500176d2f4ea
Secunia Security Advisory 38690
Posted Aug 10, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 0ba8d7ddf17aee75d25f09bb9f1883f90d264338d78e511d512a4bbb503d2893
Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows
Posted Jul 28, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2010-0133
SHA-256 | ba54e9780a47cbb9ac825fb26ba0fcde7c0734880a7eec64089b018ed29a2036
Autonomy KeyView wkssr.dll String Indexing Vulnerability
Posted Jul 28, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

tags | advisory, arbitrary
advisories | CVE-2010-1524
SHA-256 | f9a9de57b6faceeb2d7116e3bbd81eb59d6cb237692bb06b5afcdb428702f9d2
Autonomy KeyView wkssr.dll Integer Underflow Vulnerability
Posted Jul 28, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2010-1525
SHA-256 | 29ad95481579f1764c96d5a3b905c173447d7638ad22ab0b3fad3310e1033f40
Page 1 of 4
Back1234Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close