Lucene search

29 matches found

Positive Technologies
added 2016/03/12 12:0 a.m. · 2 views

PT-2016-3271 · Xmlsoft +5 · Libxml2 +5

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.4

Description: The issue is related to a format string vulnerability in the libxml2 library. This vulnerability may allow attackers to have an unspecified impact through format string specifiers in unknown vector...

10 CVSS · 6.9 AI score · 0.13616 EPSS
Exploits 12 · References 163
OSV
added 2016/03/01 11:59 a.m. · 1 views

UBUNTU-CVE-2016-2559

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

5.4 CVSS · 6.8 AI score · 0.01712 EPSS
Exploits 0 · References 4
PyPA
added 2015/12/07 8:59 p.m. · 4 views

PYSEC-2015-11

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY...

5 CVSS · 6.8 AI score · 0.04284 EPSS
Exploits 0 · References 15 · Affected Software 1
OSV
added 2015/11/24 5:0 p.m. · 1 views

UBUNTU-CVE-2015-8213

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY...

5 CVSS · 7.1 AI score · 0.04284 EPSS
Exploits 0 · References 4
seebug.org
added 2014/12/30 12:0 a.m. · 20 views

PHPok v4.1 /framework/www/project/control.php SQL injection vulnerability

/framework/www/projectcontrol.php $ext = $this-get"ext"; if$ext && isarray$ext $c = ''; foreach$ext AS $key=$value if$key && $value $c = "ext.".$key." LIKE '%".$value."%'"; $pageurl .= "ext".$key."=".rawurlencode$value."&"; if$c $dt'sqlext' = implode" AND ",$c; $this-assign'ext',$ext;...

7.1 AI score
Exploits 0
Prion
added 2010/06/01 8:30 p.m. · 24 views

Integer overflow

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to th...

5 CVSS · 6.2 AI score · 0.18795 EPSS
Exploits 3 · References 13 · Affected Software 1
Prion
added 2007/12/07 11:46 a.m. · 19 views

Stack overflow

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval...

10 CVSS · 7.6 AI score · 0.02987 EPSS
Exploits 0 · References 15
0day.today
added 2006/10/24 12:0 a.m. · 17 views

HP-UX 11i (swask) Format String Local Root Exploit

Exploit for hp-ux platform in category local exploits: HP-UX 11i swask Format String Local Root Exploit...

6.8 AI score
Exploits 0
Cvelist
added 2004/12/22 5:0 a.m. · 14 views

CVE-2004-1301

Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel XLS file...

7.8 AI score · 0.06167 EPSS
Exploits 1 · References 2