CVE-2015-8617

Format string vulnerability in the zendthroworerror function in Zend/zendexecuteAPI.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

Format string

Format string vulnerability in the zendthroworerror function in Zend/zendexecuteAPI.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

CVE-2015-8617

CVE-2015-8617 is a format-string vulnerability in PHP 7.x before 7.0.1. Reported in Zend/zend_execute_API.c (zend_throw_or_error), it allows remote code execution when a string with format specifiers is misused as a class name, causing incorrect error handling. Multiple sources (NVD, SUSE, others...

CVE-2015-8617

Format string vulnerability in the zendthroworerror function in Zend/zendexecuteAPI.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling...

CVE-2015-8617

Removed by vendor...

KLA10746 Multiple vulnerabilities in PHP

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to cause denial of service, affect arbitrary files, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Multiple integer overflows can be...

CVE-2015-2894

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service application crash via format string specifiers...

Format string

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service application crash via format string specifiers...

CVE-2015-2894

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service application crash via format string specifiers...

CVE-2015-2894

Affected software. Up.time Up.time client (Windows) used by Idera Uptime Infrastructure Monitor. The CVE-2015-2894 vulnerability pertains to versions 6.0 and 7.2. Root cause and impact. A format string vulnerability (CWE-134) allows an unauthenticated, remote attacker to cause the application to ...

PHP远程格式化字符串漏洞

No description provided by source...

IBM Tivoli Storage Manager FastBack Server Format String (CVE-2015-1953; CVE-2015-1986)

A format string vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient sanitization on parameters of Opcode 1301 requests.A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP.Successf...

PHP Remote Formatting String Vulnerability

PHP is an open source general-purpose computer scripting language. A remote format string vulnerability exists in PHP that can be exploited by a remote attacker to crash an application or execute arbitrary code by submitting a special request. A remote attacker could exploit the vulnerability to...

PHP 7.0.0 Format String

Overview -------------------------------------------- A fun little format string vulnerability exists in PHP 7.0.0 due to how non-existent class names are handled. From my limited research I believe this issue is likely exploitable for full code execution see test script below. This issue does no...

PHP 7.0.0 - Format String

PHP 7.0.0 - Format String Overview -------------------------------------------- A fun little format string vulnerability exists in PHP 7.0.0 due to how non-existent class names are handled. From my limited research I believe this issue is likely exploitable for full code execution see test script...

PHP 7.0.0 - Format String

Exploit for multiple platform in category dos / poc Overview -------------------------------------------- A fun little format string vulnerability exists in PHP 7.0.0 due to how non-existent class names are handled. From my limited research I believe this issue is likely exploitable for full code...

Internet Bug Bounty: Format string vulnerability in zend_throw_or_error()

Reference: ------------ https://bugs.php.net/bug.php?id=71105 http://www.php.net/ChangeLog-7.php7.0.1 Description: ------------ A format string vulnerability exists in PHP-7.0.0 due to how non-existent class names are handled. From my limited research I believe this issue is exploitable for full...

PHP 7.0.x < 7.0.1 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.1. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in the collatorsortwithsortkeys function due to improper clearing of pointers when destroying an array. An...

Up.time agent for Windows contains multiple vulnerabilities

Overview The Up.time client for Windows is vulnerable to an format string attack as well as a buffer overflow, and may allow unauthenticated users to perform certain commands. Description CWE-134: Uncontrolled Format String - CVE-2015-2894For version 6.0 and 7.2, an unauthenticated attacker on th...

Mageia: Security Advisory (MGASA-2015-0453)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...