Vulnerabilities in Winlog 2.07.16

### Luigi Auriemma Application: Sielco Sistemi Winlog http://www.sielcosistemi.com/en/products/winlog_scada_hmi/ Versions: = 2.07.16 Platforms:Windows Bugs

Vulnerabilities in Samsung TV (remote controller protocol)

### Luigi Auriemma Application: Samsung devices with support for remote controllers http://www.samsung.com Versions: current Platforms:the vulnerable protocol is used on both

Vulnerabilities in Serv-U 11.1.0.3

### Luigi Auriemma Application: Serv-U (FTP) http://www.serv-u.com Versions: = 11.1.0.3 Platforms:Windows, Linux bug B should affect only some Windows versions

Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2

### Luigi Auriemma Application: 3S CoDeSys http://www.3s-software.com/index.shtml?en_CoDeSysV3_en Versions: = 3.4 SP4 Patch 2 Platforms:Windows Bugs: A] GatewayService

Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2

### Luigi Auriemma Application: Siemens SIMATIC WinCC flexible (Runtime) http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc

Vulnerabilities in Siemens Automation License Manager

### Luigi Auriemma Application: Siemens Automation License Manager http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfolang=ensiteid=cseusaktprim=0extranet

Vulnerabilities in Cytel Studio 9

### Luigi Auriemma Application: Cytel Studio: StatXact / LogXact / CrossOver http://www.cytel.com/Software/StatXact.aspx http://www.cytel.com/Software/LogXact.aspx

Vulnerabilities in GenStat 14.1.0.5943

### Luigi Auriemma Application: GenStat http://www.vsni.co.uk/software/genstat/ Versions: = 14.1.0.5943 Platforms:Windows Bugs: A] array overflow with write2

Arbitrary memory corruption in NCSS 07.1.21

### Luigi Auriemma Application: NCSS (aka NCSS 2007) http://www.ncss.com/ncss.html Versions: = 07.1.21 Platforms:Windows Bug: array overflow with write2 Exploitation

Vulnerabilities in PcVue 10 (SCADA)

### Luigi Auriemma Application: PcVue http://www.arcinfo.com/index.php?option=com_contentid=2Itemid=151 Versions: PcVue = 10.0 SVUIGrd.ocx = 1.5.1.0

Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA)

### Luigi Auriemma Application: Sunway ForceControl http://www.sunwayland.com.cn/pro.asp Versions: = 6.1 sp3 with AngelServer and WebServer updated Platforms:Windows Bugs

Advisory for MS11-035 / ZDI-11-167

### Luigi Auriemma Application: Microsoft WINS service http://www.microsoft.com Versions: = 5.2.3790.4520 Platforms:Windows Bug: arbitrary memory corruption

Vulnerabilities in trading and SCADA softwares

everything is correct although not much detailed. If there will be enough interest in these sectors I will release new vulnerabilities in the next weeks. --- Luigi Auriemma http://aluigi.org

Vulnerabilities in BroadWin WebAccess Client 1.0.0.10

### Luigi Auriemma Application: BroadWin WebAccess Client http://broadwin.com/Client.htm Versions: bwocxrun.ocx = 1.0.0.10 (aka version 7.0) Platforms:Windows Bugs

bcksrvr format string in Sybase Adaptive Server 15.5

### Luigi Auriemma Application: Sybase Adaptive Server http://www.sybase.com/products/databasemanagement/adaptiveserverenterprise Versions: = 15.5 Platforms:Solaris, Windows

Arbitrary files deletion in HP OpenView Communication Broker

### Luigi Auriemma Application: HP OpenView Communication Broker http://www8.hp.com/us/en/software/enterprise-software.html Versions: ovbbccb.exe = 11.0.43.0 Platforms:Windows

Integer overflow in foobar2000 1.1.7

### Luigi Auriemma Application: foobar2000 http://www.foobar2000.org Versions: = 1.1.7 Platforms:Windows Bug: integer overflow Date: 03 Jul 2011 Author

in_midi multiple vulnerabilities in Winamp 5.61

### Luigi Auriemma Application: Winamp http://www.winamp.com Versions: = 5.61 Platforms:Windows Bugs: A] in_midi Controller messages heap overflow B

bcksrvr format string in Sybase Adaptive Server 15.5

### Luigi Auriemma Application: Sybase Adaptive Server http://www.sybase.com/products/databasemanagement/adaptiveserverenterprise Versions: = 15.5 Platforms:Solaris, Windows

Multiple vulnerabilities in Winamp 5.61

### Luigi Auriemma Application: Winamp http://www.winamp.com Versions: = 5.61 Platforms:Windows Bugs: A] vp6 heap corruption B] h263 heap corruption

Off-by-one in Sybase Advantage Server 10.0.0.3

### Luigi Auriemma Application: Sybase Advantage Server http://www.sybase.com/products/databasemanagement/advantagedatabaseserver Versions: = 10.0.0.3 Platforms:Windows

Stack overflow in Microsoft HTML Help 6.1 (CHM files)

### Luigi Auriemma Application: Microsoft HTML Help http://www.microsoft.com Versions: = 6.1 Platforms:Windows (any version included the latest Windows 7) Bug: stack

Vulnerabilities in Microsoft Reader and HIS

like the crashing and the freezing of the services with CPU at 100%: http://aluigi.org/adv/snabase_1-adv.txt --- Luigi Auriemma http://aluigi.org

Re: Vulnerabilities in some SCADA server softwares

of the vendors. --- Luigi Auriemma http://aluigi.org

Re: Vulnerabilities in some SCADA server softwares

you guys have some potential issues, here they are!!! I have done it in the exact moment that I have uploaded my advisories on my website making anyone aware of the problems, included the same vendors that now can fix them. --- Luigi Auriemma http://aluigi.org

Vulnerabilities in some SCADA server softwares

/realwin_7-adv.txt http://aluigi.org/adv/realwin_8-adv.txt --- Luigi Auriemma http://aluigi.org

Heap overflow in RealPlayer 14.0.1.633

### Luigi Auriemma Application: RealPlayer http://www.real.com Versions: = 14.0.1.633 Platforms:Windows, Macintosh OSX, Linux, Symbian, Palm Bug: heap overflow

Code execution in Microsoft Fax Cover Page Editor

### Luigi Auriemma Application: Microsoft Fax Cover Page Editor http://windows.microsoft.com/en-US/windows-vista/Create-or-edit-a-fax-cover-page Versions: = 5.2.3790.3959

Failed assertion in the Unreal engine

### Luigi Auriemma Application: Unreal engine http://www.unrealtechnology.com Versions: the games which have been tested and resulted vulnerable are Unreal

Clients format strings in the Unreal engine

### Luigi Auriemma Application: Unreal engine http://www.unrealtechnology.com Versions: almost any game which uses the Unreal engine is affected

NULL pointer in Ventrilo 3.0.2

### Luigi Auriemma Application: Ventrilo http://www.ventrilo.com Versions: = 3.0.2 Platforms:Windows, Linux i386, Solaris SPARC, Solaris x86, FreeBSD i386

Endless loop and resources consumption in Halo 1.0.7.0615

### Luigi Auriemma Application: Halo: Combat Evolved http://www.microsoft.com/games/pc/halo.aspx Versions: = 1.0.7.0615 (before 30 Jul 2008) Platforms:Windows Bugs

Server termination in America's Army 2.8.3.1

### Luigi Auriemma Applications: America's Army http://www.americasarmy.com Versions: = 2.8.3.1 Platforms:Windows (tested), Linux and Mac Bug: server termination due

Memory corruption and NULL pointer in Unreal Tournament III 1.2

### Luigi Auriemma Application: Unreal Tournament III http://www.unrealtournament3.com Versions: = 1.2 and 1.3beta4 Platforms:Windows (tested), Linux, PS3 and Xbox360 Bugs

NULL pointer in Unreal Tournament 2004 v3369

### Luigi Auriemma Application: Unreal Tournament 2004 http://www.unrealtournament2003.com/ut2004/index.html Versions: = v3369 Platforms:Windows and Linux Bug: NULL

NULL pointer in ZDaemon 1.08.07

### Luigi Auriemma Application: ZDaemon http://www.zdaemon.org Versions: = 1.08.07 Platforms:Windows and Linux Bug: NULL pointer Exploitation: remote, versus server

Endless loop in Soldner 33724

### Luigi Auriemma Application: SÖLDNER - Secret Wars http://www.secretwars.net http://soldner.jowood.com Versions: = 33724 Platforms:Windows Bug

Re: Double Denial of Service in Call of Duty 4 1.6

Version 1.7 of CoD4, released yesterday, is vulnerable too. --- Luigi Auriemma http://aluigi.org

Double Denial of Service in Call of Duty 4 1.6

### Luigi Auriemma Application: Call of Duty 4: Modern Warfare http://www.callofduty.com Versions: = 1.6 Platforms:Windows (tested) and Linux Bugs: A] Attempted

NULL pointer in World in Conflict 1.008

### Luigi Auriemma Application: World in Conflict http://www.worldinconflict.com Versions: = 1.008 Platforms:Windows Bug: NULL pointer Exploitation: remote, versus

NULL pointer in the HTTP/XML-RPC service of Crysis 1.21

### Luigi Auriemma Application: Crysis http://www.ea.com/crysis/home.jsp Versions: = 1.21 (1.1.1.6156 showed as gamever) Platforms:Windows Bug: NULL pointer

Server freezed in Skulltag 0.97d2-RC2

### Luigi Auriemma Application: Skulltag http://www.skulltag.com Versions: = 0.97d2-RC2 Platforms:Windows, Linux and FreeBSD Bug: loop during the parsing

Denial of Service in S.T.A.L.K.E.R. 1.0006

### Luigi Auriemma Application: S.T.A.L.K.E.R.: Shadow of Chernobyl http://www.stalker-game.com Versions: = 1.0006 Platforms:Windows Bug: Denial of Service

Re: ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability

by the same vendor (Double-Take, not HP). --- Luigi Auriemma http://aluigi.org

Re: Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows

in zlib. --- Luigi Auriemma http://aluigi.org

Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53

### Luigi Auriemma Application: HP OpenView Network Node Manager http://www.openview.hp.com/products/nnm/ Versions: = 7.53 Platforms:Windows (tested), Solaris, Linux, HP-UX

Re: Multiple vulnerabilities in HP OpenView NNM 7.53

Forget the yesterday's advisory, the setup didn't installed the 7.53 patches from the ISO and so I was working on an old version. The following is a new vulnerability tested on 7.53: http://aluigi.org/adv/closedview-adv.txt --- Luigi Auriemma http://aluigi.org

Multiple vulnerabilities in HP OpenView NNM 7.53

### Luigi Auriemma Application: HP OpenView Network Node Manager http://www.openview.hp.com/products/nnm/ Versions: = 7.53 Platforms:Windows (tested), Solaris, Linux, HP-UX

Directory traversal in LANDesk Management Suite 8.80.1.1

### Luigi Auriemma Application: LANDesk Management Suite http://www.landesk.com/products/ldms/index.aspx Versions: = 8.80.1.1 Platforms:Windows Bug: directory

Directory traversal in 2X ThinClientServer v5.0_sp1-r3497

### Luigi Auriemma Application: 2X ThinClientServer http://www.2x.com/thinclientserver/ Versions: = v5.0_sp1-r3497 (TFTPd.exe = 3.2.0.0) Platforms:Windows Bug

Multiple vulnerabilities in solidDB 06.00.1018

### Luigi Auriemma Application: IBM solidDB http://www.solidtech.com/en/products/relationaldatabasemanagementsoftware/embed.asp Versions: = 06.00.1018 Platforms:Windows

Buffer-overflow in ASUS Remote Console 2.0.0.24

### Luigi Auriemma Application: ASUS Remote Console http://www.asus.com/999/html/share/9/icon/9/index.htm#asmb3 Versions: = 2.0.0.24 Platforms:Windows Bug: buffer

Multiple heap overflows in xine-lib 1.1.11

### Luigi Auriemma Application: xine-lib http://xinehq.de Versions: = 1.1.11 Platforms:Linux, *BSD, Solaris, Irix, MacOSX, Windows and others Bugs: A] heap-overflow

VLC highlander bug

-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications 8-) Instead the SVN version was and is patched from 10 months as I wrote in my old advisory: http://aluigi.org/adv/vlcboffs-adv.txt --- Luigi Auriemma http

Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)

### Luigi Auriemma Application: McAfee Framework (implemented in McAfee ePolicy Orchestrator 4.0 http://www.mcafee.com/us/enterprise/products/system_security_management

Denial of Service in PacketTrap TFTP server 2.0.3901.0

### Luigi Auriemma Application: pt360 Tool Suite PRO http://www.packettrap.com/product/index.aspx Versions: = 2.0.3901.0 Platforms:Windows Bug: Denial of Service

NULL pointer in Remotely Anywhere 8.0.668

### Luigi Auriemma Application: Remotely Anywhere Server and Workstation http://www.remotelyanywhere.com Versions: = 8.0.668 Platforms:Windows Bug: NULL pointer

Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076

### Luigi Auriemma Application: Acronis PXE Server http://www.acronis.com/enterprise/products/snapdeploy/ Versions: = 2.0.0.1076 Platforms:Windows Bugs: A] directory

Vulnerabilities in Timbuktu Pro 8.6.5

### Luigi Auriemma Application: Timbuktu Pro Remote Control Software http://www.netopia.com/software/products/tb2/ Versions: = 8.6.5 [RC 229] Platforms:Windows

Multiple vulnerabilities in ASG-Sentry 7.0.0

### Luigi Auriemma Application: ASG-Sentry http://www.asg-sentry.com Versions: = 7.0.0 Platforms:Windows and Unix Bugs: A] arbitrary files deleting B

Invalid memory access in Acronis True Image Group Server 1.5.19.191

### Luigi Auriemma Application: Acronis True Image Group Server http://www.acronis.com/enterprise/products/ATIES/group-server.html Versions: = 1.5.19.191 (included

NULL pointer in Acronis True Image Windows Agent 1.0.0.54

### Luigi Auriemma Application: Acronis True Image Windows Agent http://www.acronis.com/enterprise/products/ATIES/windows-agent.html Versions: = 1.0.0.54 (included

Directory traversal in Argon Client Management Services 1.31

### Luigi Auriemma Application: Argon Client Management Services http://www.argontechnology.com/product.aspx/cid1/43 Versions: = 1.31 (TFTP Boot Server = 2.5.3.1) Platforms

Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13

### Luigi Auriemma Application: MailEnable Professional and Enterprise http://www.mailenable.com Versions: = 3.13 Platforms:Windows Bugs: A] multiple post-auth buffer

Directory traversal in MicroWorld eScan Server 9.0.742.98

### Luigi Auriemma Application: MicroWorld eScan Server (aka eScan Management Console) http://www.mwti.net Versions: = 9.0.742.98 Platforms:Windows Bug: directory

Multiple vulnerabilities in Perforce Server 2007.3/143793

### Luigi Auriemma Application: Perforce Server http://www.perforce.com Versions: = 2007.3/143793 Platforms:Windows, Unix, Linux and Mac Bugs: NULL pointers, invalid

Arbitrary commands execution in Versant Object Database 7.0.1.3

### Luigi Auriemma Application: Versant Object Database http://www.versant.com/en_US/products/objectdatabase Versions: = 7.0.1.3 Platforms:Windows, Solaris, HP-UX, AIX, Linux

NULL pointer in SurgeFTP 2.3a2

### Luigi Auriemma Application: SurgeFTP http://www.netwinsite.com/surgeftp/ Versions: = 2.3a2 Platforms:Windows, Linux and Solaris Bug: NULL pointer access

Multiple vulnerabilities in Double-Take 5.0.0.2865

### Luigi Auriemma Application: Double-Take http://www.doubletake.com Versions: = 5.0.0.2865 (version 4.5.x tested with success too) Platforms:Windows Bugs

Heap overflow in Sybase MobiLink 10.0.1.3629

### Luigi Auriemma Application: Sybase MobiLink http://www.sybase.com/developer/mobile/sqlanywhere/mobilink Versions: = 10.0.1.3629 Platforms:Windows and Linux/Unix Bug

NULL pointer crash in freeSSHd 1.20

### Luigi Auriemma Application: freeSSHd http://www.freesshd.com Note: is possible that the problem affects also wodSSHServer anyway this has not been

Access violation and limited informations disclosure in webcamXP 3.72.440.0

### Luigi Auriemma Application: webcamXP http://www.webcamxp.com Versions: = 3.72.440.0 = beta 4.05.280 Platforms:Windows Bug: access violation

Two heap overflow in Foxit WAC Server 2.0 Build 3503

### Luigi Auriemma Application: Foxit Remote Access Server (WAC Server) http://www.foxitsoft.com/wac/server_intro.php Versions: = 2.0 Build 3503 Platforms:Windows Bugs

Multiple buffer-overflow in NowSMS v2007.06.27

### Luigi Auriemma Application: Now SMS/MMS Gateway http://www.nowsms.com Versions: = v2007.06.27 Platforms:Windows Bugs: A] web authorization buffer-overflow

Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11

### Luigi Auriemma Application: RPM Remote Print Manager http://lpd.brooksnet.com Versions: = 4.5.1.11 (tested both the Elite and Select versions) the beta version

Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

to 7.4.1.0 and 1.0.4.0. --- Luigi Auriemma http://aluigi.org

Directory traversal and DoS in WinIPDS G52-33-021

### Luigi Auriemma Application: Intermate WinIPDS http://www.intermate.com/ipdssoftware Versions: = Release 3.3 Revision G52-33-021 Platforms:Windows Bugs

Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

uninstalled, redownloaded and reinstalled both the program and the patch just in this moment and I can confirm the exact behaviour described above. --- Luigi Auriemma http://aluigi.org

Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105

### Luigi Auriemma Application: Larson Software Technology Network Print Server http://www.cgmlarson.com/products/NetworkPrintServer.php Versions: = 9.4.2 build 105 Platforms

Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x

### Luigi Auriemma Applications: Opium OPI Server http://www.cyansoftware.com/Opium_OPI.htm cyanPrintIP Easy OPI http://www.cyansoftware.com

Multiple vulnerabilities in EztremeZ-IP File and Printer Server 5.1.2x15

### Luigi Auriemma Application: EztremeZ-IP File and Printer Server http://www.grouplogic.com/products/extreme/overview.cfm Versions: = 5.1.2x15 Platforms:Windows Bugs

Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

### Luigi Auriemma Application: SafeNet Sentinel Protection Server SafeNet Sentinel Keys Server http://www.safenet-inc.com Versions: = 7.4.1.0 (aka

Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1

### Luigi Auriemma Application: Ipswitch Instant Messaging http://www.ipswitch.com/products/instant_messaging Versions: = 2.0.8.1 Platforms:Windows Bugs: A] pre-auth

Logs visualization in WS_FTP Server Manager 6.1.0.0

### Luigi Auriemma Application: WS_FTP Server Manager http://www.wsftp.com Versions: WS_FTP Server = 6.1.0.0 Platforms:Windows Bugs: A] authorization bypassing in log

Chat vulnerabilities in TinTin++ 1.97.9

### Luigi Auriemma Application: TinTin++ / WinTin++ http://tintin.sourceforge.net Versions: = 1.97.9 Platforms:Windows, Linux and Mac Bugs: A] chat buffer-overflow

Socket termination in FTP Log Server 7.9.14.0

### Luigi Auriemma Application: FTP Log Server http://www.wsftp.com Versions: = 7.9.14.0 Platforms:Windows Bug: socket termination Exploitation: remote Date

Multiple vulnerabilities in SAPlpd 6.28

### Luigi Auriemma Application: SAPlpd http://www.sap.com Versions: = 6.28 (included in SAP GUI 7.10) Platforms:Windows Bugs: various vulnerabilities Exploitation

Multiple vulnerabilities in WinCom LPD Total 3.0.2.623

### Luigi Auriemma Application: WinCom LPD Total - Line Printer Daemon http://clientsoftware.com.au/lpd.html Versions: = 3.0.2.623 Platforms:Windows Bugs: A] buffer

Re: Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5

vulnerables 1.7.x versions of uTorrent. Then some days ago has been released BitTorrent 6.0.1 which fixes the vulnerability in this client too. --- Luigi Auriemma http://aluigi.org

Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5

### Luigi Auriemma Applications: BitTorrent and uTorrent http://www.bittorrent.com http://www.utorrent.com Versions: BitTorrent = 6.0 (build 5535

Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70

used in my PoC has been added because during my tests gave better results. Naturally mine is only an idea on which I worked for testing in practice the effects of the bug here on my system (Windows XP SP2), so anyone can find better methods and solutions moreover about the compability. --- Luigi

Re: Buffer-overflow in Quicktime Player 7.3.1.70

to who simply did a personal test. --- Luigi Auriemma http://aluigi.org

Re: Buffer-overflow in Quicktime Player 7.3.1.70

system on which it runs, Windows XP, Windows Vista, Mac OS X, Y, Z and so on. BYEZ --- Luigi Auriemma http://aluigi.org

Buffer-overflow in Quicktime Player 7.3.1.70

### Luigi Auriemma Application: Quicktime Player http://www.apple.com/quicktime Versions: = 7.3.1.70 Platforms:Windows and Mac Bug: buffer-overflow Exploitation

Pre-auth remote commands execution in SAP MaxDB 7.6.03.07

### Luigi Auriemma Application: SAP MaxDB https://www.sdn.sap.com/irj/sdn/maxdb http://www.sap.com Versions: = 7.6.03 build 007 Platforms:Windows, Linux

Multiple vulnerabilities in yaSSL 1.7.5

### Luigi Auriemma Application: yaSSL http://www.yassl.com Versions: = 1.7.5 Platforms:Windows and *nix Bugs: A] buffer-overflow in ProcessOldClientHello

Pre-auth buffer-overflow in mySQL through yaSSL

it are the usage of SSL on the server and naturally having an IP address with access to the database. By default mySQL uses yaSSL (1.6.0) for avoiding licences conflicts, anyway if the test server has been compiled with specific OpenSSL support it is NOT vulnerable. --- Luigi Auriemma http://aluigi.org

Some DoS in some telnet servers

Denial of Service in Pragma TelnetServer 7.0.4.589 http://aluigi.org/adv/pragmatel-adv.txt Exception message in Seattle Lab Telnet Server 4.1.1.3758 http://aluigi.org/adv/slnetmsg-adv.txt Exception message in VanDyke VShell 3.0.3.569 http://aluigi.org/adv/vshellmsg-adv.txt --- Luigi

Buffer-overflow and format string in White_Dune 0.29beta791

### Luigi Auriemma Application: White_Dune http://vrml.cip.ica.uni-stuttgart.de/dune/ Versions: = 0.29beta791 Platforms:Unix/Linux/MacOSX and Windows Bugs: A] buffer

Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003

### Luigi Auriemma Application: Georgia SoftWorks SSH2 Server (GSW_SSHD) http://www.georgiasoftworks.com/prod_ssh2/ssh2_server.htm Versions: = 7.01.0003 Platforms:Windows Bugs

  1   2   >