Bugs
- libavcodec insufficient boundary check - oCERT report 2011-002 / CVE-2011-3362
- Ruby integer overflow leading to heap overflow - CVE-2009-4124
- Multiple PHP issues - oCERT report 2009-017
- Android Dalvik API issues - oCERT report 2009-014 / CVE-2009-3698
- VMware ACE privilege escalation - VMSA-2009-0005 / CVE-2009-0908
- Asterisk JPEG codec integer overflow - CVE-2006-1827
- IE remote memory access violation - BID 10299
- Microsoft System Information buffer overflow - CVE-2004-1649
- Certificate spoofing in Mozilla Firefox - CVE-2004-0763
- Certificate stealing (IE) - BID 10248
- Kerio Personal Firewall remote off - BID 10075
Some simple bugs found using bugle and autobugle
- fssdispadmin buffer overflow
There is a buffer overflow vulnerability in fssdispadmin at line 70.
CODE : (void) strcpy(cmdpath, argv[0]);
BUG : if argv[0] is larger than 256 characters, a buffer overflow (BOF) condition will occur.
*This bug has been reported to the OpenSolaris team.
- nireport buffer overflow (Mac OS X 10.4.7, Darwin 8.7)
There is a buffer overflow vulnerability in nireport at line 178.
CODE : char myname[128]; ..... if (slash == NULL) strcpy(myname, argv[0]);
BUG : if argv[0] is larger than 128 characters, a buffer overflow (BOF) condition will occur. /usr/sbin/nireport runs as the user executing it and is not granted any additional privileges by default.
*This bug has been reported to Apple's security team.
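Both strcpy(..., argv[0]) bugs above have the same root cause and the same fix: copy into the fixed buffer with an explicit bound, always NUL-terminate, and let the caller reject input that had to be truncated. This is an added example, not code from fssdispadmin or nireport; NAME_LEN, copy_progname and basename_into are names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 128  /* same size as myname[] in the nireport report */

/* Vulnerable pattern from the reports, for comparison (never call with
 * untrusted argv[0]):   char myname[128]; strcpy(myname, argv[0]);
 * strcpy stops only at the NUL byte, so anything past 127 characters
 * is written beyond the end of myname. */

/* Bounded replacement. Copies at most dstlen-1 bytes and always writes a
 * terminating NUL. Returns 1 if src fit completely, 0 if it was truncated
 * (or dstlen is 0), so the caller can refuse oversized input. */
int copy_progname(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0)
        return 0;
    if (n >= dstlen) {
        memcpy(dst, src, dstlen - 1);
        dst[dstlen - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);      /* n+1 includes the NUL */
    return 1;
}

/* Mirrors the "slash" logic in the nireport code: keep only the part of
 * argv[0] after the last '/', but copy it with a bound. */
int basename_into(char *dst, size_t dstlen, const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    const char *name = slash ? slash + 1 : argv0;
    return copy_progname(dst, dstlen, name);
}

int main(int argc, char **argv)
{
    char myname[NAME_LEN];
    /* argv[0] may be NULL when argc == 0; treat that as an empty name */
    const char *argv0 = (argc > 0 && argv[0]) ? argv[0] : "";
    if (!basename_into(myname, sizeof myname, argv0)) {
        fprintf(stderr, "program name too long, refusing to continue\n");
        return 1;
    }
    printf("running as %s\n", myname);
    return 0;
}
```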
Some exhaustion bugs (most likely not exploitable):
Both of these are recursion bugs and are triggered by the characters '?' and '#'.