CVE-2017-5613

CVE-2017-5613 affects the cgiemail and cgiecho CGI programs. A format-string vulnerability in template handling allows a local attacker with template-file access to execute code as the webserver user. Debian fixed this in package cgiemail 1.6-37+deb7u1 (DLA-869-1) by restricting format strings to...

CVE-2017-5613

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file...

cgiemail and cgiecho format string vulnerabilities

cPanel is a Web-based hosting control management system from the U.S. company cPanel. The management system is mainly used to automate the control of web sites and servers. cgiemail is one of the mail servers. A format string vulnerability exists in cgiemail and cgiecho. An attacker can exploit...

Information Disclosure

jsonmodel is vulnerable to information disclosure. It is possible to read data in an error log by placing format string special characters in a class name...

VMware Workstation Code Execution And Privilege Escalation Vulnerabilities (VMSA-2012-0015) - Windows

VMware Workstation is prone to code execution and privilege escalation vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

VMware Player Code Execution And Privilege Escalation Vulnerabilities (VMSA-2012-0015) - Windows

VMware Player is prone to code execution and privilege escalation vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE SLED12 / SLES12 Security Update : dbus-1 (SUSE-SU-2017:0292-1)

This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed : - bsc1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included : - Change the default...

UBUNTU-CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service out-of-bounds read and crash via a string containing a formatting sequence % without a closing bracket...

GLSA-201701-20 : D-Bus: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-201701-20 D-Bus: Format string vulnerability It was discovered that D-Bus incorrectly handles certain format strings. The impact of this new vulnerability is believed to not be exploitable if D-Bus is patched against CVE-2015-0245...

Python format string vulnerabilities in Django, for example-the vulnerability of early warning-the black bar safety net

! Author: phithon In the C language, there is a class of particularly interesting vulnerability, format string vulnerability. The light then destroy the memory, read and write any address of the content, binary content, I will not say, say to also do not understand, share the link...

Python's new string format vulnerability analysis-vulnerability warning-the black bar safety net

This article on Python introduced a formatted string of the new syntax of the security vulnerabilities in-depth analysis, and provide appropriate security solutions. When we are on untrusted user input using str. the format of the time, will bring security risks-for this problem, in fact I have...

libxml2: Format string vulnerability

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors...

Apple Mac OS X Multiple Vulnerabilities-02 (Nov 2016)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

php: Format string vulnerability in php_snmp_error()

Format string vulnerability in the phpsnmperror function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call...

openSUSE Security Update : dbus-1 (openSUSE-2016-1269)

This update for dbus-1 to version 1.8.22 fixes several issues. This security issue was fixed : - boo1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. These non-security issues were fixed : - boo978477: Correctly reset timeouts for pending fi...

CVE-2003-0584

Format string vulnerability in Backup and Restore Utility for Unix BRU 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument...

CVE-2003-0584

The vulnerability CVE-2003-0584 affects the Backup and Restore Utility for Unix (BRU) versions 17.0 and earlier. The root cause is a format string vulnerability in a command line argument when BRU runs with setuid privileges, allowing a local attacker to execute arbitrary code. The available docu...

PHP 7 is due. 0. 0 format string vulnerability with the EIP hijack analysis-vulnerability warning-the black bar safety net

PHP 7 is due. 0. 0 this format string vulnerability is 1 5 year 1 2 On On exploit-db. When found, the author in Beijing to the North-East of a information security company to work, then busy, and failed to delve into it. In recent days inadvertently saw this vulnerability and found this...

CVE-2016-6901

Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of servic...

CVE-2016-6901

Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of servic...