A boundary error exists in the WebPlayer ActiveX control when processing the "SRC" property with an overly long string.
The vulnerability is caused due to a boundary error when processing the tags within .PAC files. This can be exploited to cause a stack-based buffer overflow via an overly long string.
The DiagTraceR3Info function of the disp+work.exe component of SAP Netweaver is prone to a remote buffer overflow when the work process trace level is set to values 2 or 3 for the Dialog Processor component. This vulnerability can be exploited to execute arbitrary code on the vulnerable machine by sending a specially crafted packet containing ST_R3INFO CODEPAGE items.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
This module exploits a buffer overflow vulnerability in the NSEPA.NsepaCtrl.1 ActiveX control in Nsepa.ocx in Citrix Access Gateway Enterprise Edition. When the control processes a crafted HTTP header data, a stack based buffer overflow occurs allowing execution of arbitrary code.
IBM Rational ClearQuest ActiveX control Cqole.dll is vulnerable to a buffer overflow, caused by a function prototype mismatch in the RegisterSchemaRepoFromFileByDbSet() function.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection.
The CrazyTalk4Native.dll bundled with Dell Webcam Central is prone to a buffer overflow which is exploited by this module.
ASUS Net4Switch is prone to an overflow condition related to the ActiveX component ipswcom.dll. The CxDbgPrint()function (cxcmrt.dll) fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted message string passed to the Alert() method, a remote attacker can potentially execute arbitrary code.