Page 6 of 28 results (0.018 seconds)

CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 0

Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610. Múltiples desbordamientos basados en pila en múltiples funciones en vncviewer/FileTransfer.cpp en vncviewer para UltraVNC v1.0.2 y v1.0.4 versiones anteriores a v01252008, cuando en modo ESCUCHA o cuando utilizan el extensión (plugin) DSM, permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de vectores no especificados, una cuestión diferente a CVE-2008-0610. • http://forum.ultravnc.info/viewtopic.php?p=45150#45150 http://secunia.com/advisories/28804 http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887 http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/FileTransfer.cpp?view=log#rev183 http://www.securityfocus.com/bid/27687 http://www.vupen.com/english/advisories/2008/0486 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 33%CPEs: 5EXPL: 3

Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value. Desbordamiento de búfer basado en pila en la función ClientConnection::NegotiateProtocolVersion en vncviewer/ClientConnection.cpp de vncviewer para UltraVNC 1.0.2 y 1.0.4 antes de 01252008. Cuando se está en modo ESCUCHA (LISTENING) o cuando se utiliza el plugin DSM, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída) a través de un valor de tamaño modificado. • https://www.exploit-db.com/exploits/18666 http://forum.ultravnc.info/viewtopic.php?t=11850 http://secunia.com/advisories/28747 http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887 http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/ClientConnection.cpp?sortby=date&r1=169&r2=168&pathrev=169 http://www.exploit-db.com/exploits/18666 http://www.kb.cert.org/vuls/id/721460 http://www.securityfocus.com/bid/27561 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0057.html http://www.securityfocus.com/bid/17824 https://exchange.xforce.ibmcloud.com/vulnerabilities/26283 •