8515 matches found

Zero Day Initiative
added 2016/02/05 12:0 a.m. | 22 views

Advantech WebAccess webvrpcs Service BwOpcSvc.dll sprintf Uncontrolled Format String Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13881 IOCTL in the BwOpcTool subsystem. An uncontrolled...

9.3 CVSS | 3.3 AI score | 0.0223 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2016/01/29 12:0 a.m. | 28 views

PHP 7.0.x < 7.0.1 Multiple Vulnerabilities

Binary data 9064.prm...

10 CVSS | 9.5 AI score | 0.23871 EPSS
Exploits 3 | References 3

BDU FSTEC
added 2016/01/29 12:0 a.m. | 4 views

The vulnerability of the PHP interpreter allows attackers to execute arbitrary code.

The vulnerability of the zend_throw_or_error function in the Zend/zend_execute_API.c module of the PHP interpreter is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by using format string parameters that involv...

10 CVSS | 8.2 AI score | 0.23871 EPSS
Exploits 2 | References 4 | Affected Software 1

Hacker One
added 2016/01/25 5:19 p.m. | 31 views

Internet Bug Bounty: PHP-FPM fpm_log.c memory leak and buffer overflow

The FastCGI Process Manager FPM SAPI of PHP was vulnerable to memory leak and buffer overflow in the access logging feature. PHP-FPM offers customization of the access log lines based on format string variables which can be specified with the access.format option of the FPM configuration file. Th...

7.2 AI score
Exploits 0

NVD
added 2016/01/19 5:59 a.m. | 15 views

CVE-2015-8617

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

10 CVSS | 9.8 AI score | 0.23871 EPSS
Exploits 2 | References 4

UbuntuCve
added 2016/01/19 5:59 a.m. | 16 views

CVE-2015-8617

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

10 CVSS | 7.4 AI score | 0.23871 EPSS
Exploits 2 | References 3

Prion
added 2016/01/19 5:59 a.m. | 13 views

Format string

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

10 CVSS | 8.1 AI score | 0.23871 EPSS
Exploits 2 | References 4 | Affected Software 1

Debian CVE
added 2016/01/19 2:0 a.m. | 25 views

CVE-2015-8617

Removed by vendor...

10 CVSS | 9.4 AI score | 0.23871 EPSS
Exploits 2

Cvelist
added 2016/01/19 2:0 a.m. | 22 views

CVE-2015-8617

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

8.8 AI score | 0.23871 EPSS
Exploits 2 | References 4

CVE
added 2016/01/19 2:0 a.m. | 77 views

CVE-2015-8617

CVE-2015-8617 is a format-string vulnerability in PHP 7.x before 7.0.1. Reported in Zend/zend_execute_API.c (zend_throw_or_error), it allows remote code execution when a string with format specifiers is misused as a class name, causing incorrect error handling. Multiple sources (NVD, SUSE, others...

10 CVSS | 8.7 AI score | 0.23871 EPSS
Exploits 2 | References 4 | Affected Software 1

Kaspersky
added 2016/01/19 12:0 a.m. | 275 views

KLA10746 Multiple vulnerabilities in PHP

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to cause denial of service, affect arbitrary files, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Multiple integer overflows can be...

10 CVSS | 10 AI score | 0.23871 EPSS
Exploits 7 | References 2

NVD
added 2015/12/31 5:59 a.m. | 15 views

CVE-2015-2894

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service application crash via format string specifiers...

5.3 CVSS | 5.3 AI score | 0.01421 EPSS
Exploits 0 | References 1

Prion
added 2015/12/31 5:59 a.m. | 16 views

Format string

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service application crash via format string specifiers...

5 CVSS | 7.1 AI score | 0.01421 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2015/12/31 2:0 a.m. | 22 views

CVE-2015-2894

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service application crash via format string specifiers...

5.6 AI score | 0.01421 EPSS
Exploits 0 | References 1

CVE
added 2015/12/31 2:0 a.m. | 52 views

CVE-2015-2894

Affected software. Up.time Up.time client (Windows) used by Idera Uptime Infrastructure Monitor. The CVE-2015-2894 vulnerability pertains to versions 6.0 and 7.2. Root cause and impact. A format string vulnerability (CWE-134) allows an unauthenticated, remote attacker to cause the application to ...

5.3 CVSS | 5.8 AI score | 0.01421 EPSS
Exploits 0 | References 1 | Affected Software 1

seebug.org
added 2015/12/30 12:0 a.m. | 16 views

PHP Remote Format String Vulnerability

No description provided by source...

7.1 AI score
Exploits 0

Check Point Advisories
added 2015/12/28 12:0 a.m. | 4 views

IBM Tivoli Storage Manager FastBack Server Format String (CVE-2015-1953; CVE-2015-1986)

A format string vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient sanitization on parameters of Opcode 1301 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP. Successf...

10 CVSS | 9.4 AI score | 0.07804 EPSS
Exploits 0

CNVD
added 2015/12/27 12:0 a.m. | 3 views

PHP Remote Formatting String Vulnerability

PHP is an open source general-purpose computer scripting language. A remote format string vulnerability exists in PHP that can be exploited by a remote attacker to crash an application or execute arbitrary code by submitting a special request. A remote attacker could exploit the vulnerability to...

10 CVSS | 7.5 AI score | 0.23871 EPSS
Exploits 2 | References 1

Packet Storm
added 2015/12/24 12:0 a.m. | 25 views

PHP 7.0.0 Format String

Overview: A fun little format string vulnerability exists in PHP 7.0.0 due to how non-existent class names are handled. From my limited research I believe this issue is likely exploitable for full code execution see test script below. This issue does no...

Exploits 0

0day.today
added 2015/12/23 12:0 a.m. | 64 views

PHP 7.0.0 - Format String

Exploit for multiple platform in category dos / poc. Overview: A fun little format string vulnerability exists in PHP 7.0.0 due to how non-existent class names are handled. From my limited research I believe this issue is likely exploitable for full code...

10 CVSS | 9.2 AI score | 0.23871 EPSS
Exploits 2