108 matches found
PHP SoapFault Type Confusion
Type Confusion Infoleak Vulnerability in unserialize with SoapFault Taoguang Chen - Write Date: 2015.3.1 - Release Date: 2015.4.28 A type confusion vulnerability was discovered in unserialize with SoapFault object's toString magic method that can be abused for leaking arbitrary memory blocks...
PHP DateTime - Use-After-Free
Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused...
Mac-OS-X-Server-DirectoryService-Buffer-Overflow
The bug is located in the function 'DSTCPEndpoint::AllocFromProxyStruct' from 'DSTCPEndpoint.cpp'1. An attacker can control both the value of 'inProxyDataMsg-fDataSize' and the data that will be copied. Thus, by sending a huge amount of data and a small buffer size, the service will crash trying ...
Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability
A vulnerability in Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971, and Cisco Unified IP Phone 8961 could allow an authenticated, local attacker to fully compromise the affected device. The vulnerability is due to insecure file permissions on memory block devices. An attacker could explo...
CVE-2013-6685
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382...
PT-2013-6105 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.12 Description: The issue is related to the uio mmap physical function in the Linux kernel, which does not validate the size of a memory block. This allows local users to cause a denial of service, such as...
Apache APR和APR-util整数溢出漏洞
Bugraq ID: 35949 CVE ID:CVE-2009-2412 Apache APR-util是一款可移植运行库,全名为Apache Portable Runtime。 Apache APR Apache Portable Runtime和'APR-util'存在整数溢出,远程攻击者可以利用漏洞以利用此库的应用程序安全上下文执行任意代码。 -当对齐重定位内存块时memory/unix/aprpools.c存在整数溢出错误,可导致缓冲区溢出。 -当对齐重定位内存块时misc/aprrmm.c中的"aprrmmmalloc", "aprrmmcalloc",...
USN-108-1: GDK vulnerability
Matthias Clasen discovered a Denial of Service vulnerability in the BMP image module of gdk. Processing a specially crafted BMP image with an application using gdk-pixbuf caused an allocated memory block to be free'ed twice, leading to a crash of the application. However, it is believed that this...