CVE-2019-14412

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV checkdomainsviadns UAPI SEC-474...

Format string

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV checkdomainsviadns UAPI SEC-474...

CVE-2019-14412

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV checkdomainsviadns UAPI SEC-474...

CVE-2019-14412

CVE-2019-14412 affects cPanel before 78.0.2, where the Maketext function can perform a format-string injection via the DCV domain validation via DNS UAPI (SEC-474). The underlying issue is a formatting string handling flaw in Maketext, enabling injection within the DCV check_domains_via_dns UAPI....

CVE-2019-14410

Maketext in cPanel before 78.0.2 allows format-string injection in the Email storefilter UAPI SEC-472...

CVE-2019-14410

CVE-2019-14410 affects cPanel prior to 78.0.2. Maketext in the Email store_filter UAPI allows a format-string injection vulnerability (SEC-472). The issue is described as a formatting string error in cPanel’s UI/automation layer, with a local attack surface and low CVSS scores reported. Affected ...

The vulnerability of the tcp_emu component of the hardware emulation software QEMU allows a hacker to disclose protected information.

The vulnerability of the tcpemu component slirp/tcpsubr.c of the QEMU hardware emulation software is related to incorrect initialization of data in calls to snprintf. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...

Critical RCE Flaw in Palo Alto Gateways Hits Uber

A remote code-execution RCE vulnerability has been uncovered in the GlobalProtect portal and GlobalProtect Gateway interface security products from Palo Alto Networks. It’s an unusual zero-day case, having been previously unknown but inadvertently fixed in later releases — but some large companie...

Foxit Reader Format String Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...

ncu-ad-course-2017-pwn

This repository is an offensive tool for a Capture The Flag CTF challenge. It contains a series of pwn tasks created by the author for the NCU A&D course. The tasks are designed to test the participants' skills in exploiting vulnerabilities and bypassing security measures. The repository includes...

pwn_step_in

This is a collection of C code and Python scripts that demonstrate various heap exploitation techniques. The code is organized into several directories, each containing a specific example. The "heap" directory contains a C program called "forceofhouse" that demonstrates a heap overflow...

CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

CVE-2019-7228

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

CVE-2019-7230

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

CVE-2019-7230

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

ABB IDAL HTTP Server Uncontrolled Format String

XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability ======================================================================== Identifiers ----------- XL-19-012 CVE-2019-7228 ABBVU-IAMF-1902007 CVSS Score ---------- 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected vendor...

ABB IDAL FTP Server Uncontrolled Format String

XL-19-004 - ABB IDAL FTP Server Uncontrolled Format String Vulnerability ======================================================================== Identifiers ----------- XL-19-004 CVE-2019-7230 ABBVU-IAMF-1902008 CVSS Score ---------- 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected vendor...

Format string vulnerabilities in `pancurses`

pancurses::mvprintw and pancurses::printw passes a pointer from a rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory...

RUSTSEC-2019-0005 Format string vulnerabilities in `pancurses`

pancurses::mvprintw and pancurses::printw passes a pointer from a rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory...

PT-2019-2568 · Abb · Abb Idal Ftp Server

Name of the Vulnerable Software and Affected Versions: ABB IDAL FTP server affected versions not specified Description: The issue is related to the mishandling of format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the...