Apache Dubbo 格式化字符串错误漏洞

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A code injection vulnerability exists in Apache Dubbo, which...

Cross-site Scripting (XSS)

express-validator is vulnerable to cross-site scripting XSS. The vulnerability exists as it was possible to bypass the sanitize function as the toString function does not sanitize arrays...

Arbitrary Code Execution

Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager...

PT-2019-1920 · Twig +2 · Twig +2

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 1.38.0 Twig versions 2.x prior to 2.7.0 Description: A sandbox information disclosure issue exists because, under some circumstances, it is possible to call the toString method on an object even if not allowed by the...

UBUNTU-CVE-2018-19789

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method e.g. setNamestring $name of a class that's the dataclass of a form, and when a...

Regular Expression Denial Of Service (ReDoS)

jasmine-core is vulnerable to a Regular Expression Denial of Service ReDoS attack. The regular expression ^\sfunction\s\w\s\ is used to obtain the function name from the JS toString output of a function, which can result in a matching time of approximately 10 seconds for data that is 64K...

CVE-2016-7564

Heap-based buffer overflow in the FptoString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service crash via crafted input...

UBUNTU-CVE-2016-9138

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::toString with DateInterval::wakeup...

CVE-2016-7504

A use-after-free vulnerability was observed in RptoString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition...

CVE-2016-7504

A use-after-free vulnerability was observed in RptoString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition...

CVE-2016-3897

The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information vi...

Design/Logic Flaw

The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information vi...

Adobe Flash Player Security Bypass (APSB16-18: CVE-2016-4139)

When calling window location toString or comparing window location toString is called an attacker can return arbitrary values. An attacker can make the applet believe that it is embedded inside the hosting page, by overriding window location toString. Hence, an attacker can call any method that i...

Adobe Flash TextField Variable - Use-After Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=583 If a TextField variable is set to a value with toString defined, and the TextField is updated, a use-after-free can occur if the toString method frees the TextField's...

Adobe Flash TextField.type Setter - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=577 There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's parent object, which is then used. A minimal PoC i...

Adobe Flash MovieClip.attachMovie - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=571 There is a use-after-free in MovieClip.attachMovie. If a string parameter has toString defined, a number parameter has valueOf defined or an object parameter has its constructor redefined, it can execute code and free...

Adobe Flash TextField.type Setter - Use-After-Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=577 There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's...

Adobe Flash TextField.replaceSel - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=585 There is a use-after-free in TextField.replaceSel. If the string parameter of the method is set to an object with toString defined, this method can delete the TextField's parent, leading to a use-after-free. A minimal...

Adobe Flash TextField.type Setter - Use-After-Free

Adobe Flash TextField.type Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=577 There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's...

Adobe Flash - TextField.Variable Setter Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=579 There is a use-after-free in the TextField.variable setter. If the variable name that is added is an object with toString defined, the toString function can free the field's parent object, which is then used. A minima...