Apple Itunes is prone to a buffer-overflow when handling M3U files with an overly long string.

EzServer is prone to a buffer-overflow when handling packets with an overly long string.

This module exploits a use-after-free vulnerability in the MSHTML component in Internet Explorer. The specific error ocurrs due to the way Internet Explorer handles objects in memory. It is possible to use a pointer in CTableRowCellsCollectionCacheItem::GetNext after it gets freed and get remote code execution.



This vulnerability was one of the 2012's Pwn2Own challenges.

A buffer overflow exists in a component of the Robot Communication Runtime used in some ABB programs for the communications to the IRC5, IRC5C, and IRC5P robot controllers.

This version add CVE.

This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution.



This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms.

VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files.

This version adds the CVE number.

VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused due to a wrong check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file.

This update adds the CVE number.

Diamond Programmer is prone to a buffer-overflow when handling specially crafted XCF files with an overly long string.

There is a buffer overflow in the script-fu server component of GIMP

(the GNU Image Manipulation Program) when sending a crafted package to the port 10008.

MicroP is prone to a buffer-overflow when handling MPPL files with an overly long string.