Gentoo Security Advisory GLSA 201603-12
Gentoo Linux Local Security Checks. SPDX-FileCopyrightText: 2016 Eero Volotinen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description) { script_oid("1.3.6.1.4.1.25623.1.0.121454");...
GLSA-201603-12 : FlightGear, SimGear: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201603-12 (FlightGear, SimGear: Multiple vulnerabilities). Multiple format string vulnerabilities in FlightGear and SimGear allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via...
PT-2016-3271 · Xmlsoft +5 · Libxml2 +5
Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.4. Description: The issue is related to a format string vulnerability in the libxml2 library. This vulnerability may allow attackers to have an unspecified impact through format string specifiers in unknown vector...
FlightGear, SimGear: Multiple vulnerabilities
Background: FlightGear is an open-source flight simulator. It supports a variety of popular platforms (Windows, Mac, Linux, etc.) and is developed by skilled volunteers from around the world. Source code for the entire project is available and licensed under the GNU General Public License. SimGear i...
OpenSSL Multiple Vulnerabilities -01 (Mar 2016) - Linux
OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; if(description)...
OpenSSL Multiple Vulnerabilities -01 (Mar 2016) - Windows
OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; if(description)...
Advantech WebAccess webvrpcs Service BwOpcSvc.dll sprintf Uncontrolled Format String Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13881 IOCTL in the BwOpcTool subsystem. An uncontrolled...
PHP 7.0.x < 7.0.1 Multiple Vulnerabilities
The vulnerability of the PHP interpreter allows attackers to execute arbitrary code.
The vulnerability of the zend_throw_or_error function in the Zend/zend_execute_API.c module of the PHP interpreter is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by using format string parameters that involv...
Internet Bug Bounty: PHP-FPM fpm_log.c memory leak and buffer overflow
The FastCGI Process Manager (FPM) SAPI of PHP was vulnerable to memory leak and buffer overflow in the access logging feature. PHP-FPM offers customization of the access log lines based on format string variables which can be specified with the access.format option of the FPM configuration file. Th...
CVE-2015-8617
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...
Format string
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...
CVE-2015-8617
CVE-2015-8617 is a format-string vulnerability in PHP 7.x before 7.0.1. Reported in Zend/zend_execute_API.c (zend_throw_or_error), it allows remote code execution when a string with format specifiers is misused as a class name, causing incorrect error handling. Multiple sources (NVD, SUSE, others...
CVE-2015-8617
Removed by vendor...
KLA10746 Multiple vulnerabilities in PHP
Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to cause denial of service, affect arbitrary files, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. Multiple integer overflows can be...
CVE-2015-2894
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers...
Format string
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers...