8510 matches found
CVE-2015-0980
SCADA Engine BACnet OPC Server (BACnet OPC Server) before version 2.1.371.24 is affected by CVE-2015-0980 via a format-string vulnerability in the SOAP web interface (BACnOPCServer.exe). Exploitation could allow remote attackers to execute arbitrary code. The ICS-CERT advisory notes a fixed versi...
BACnet OPC Server Denial of Service Vulnerability
BACnet OPC Server provides data access, alerts, and access to event and historical data between OPC clients and BACnet-compatible devices. BACnet OPC Server suffers from a format string vulnerability in BACnOPCServer.exe's handling of constructed requests, which can be exploited by an attacker to...
Amazon Linux AMI : graphviz-php (ALAS-2015-488)
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. © Tenable Network Security, Inc. The descriptive text and...
Medium: graphviz
Issue Overview: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. Affected Packages: graphviz Issue Correction:...
Medium: graphviz-php
Issue Overview: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. Affected Packages: graphviz-php Issue...
"Bloodshed" caused by the Ghost vulnerability - vulnerability warning - the black bar safety net
0x00 Background: Recently a security company found a buffer overflow vulnerability in glibc's gethostbyname, which was named GHOST. The cause is that glibc's gethostbyname functions, when parsing malformed incoming domain information, trigger a heap overflow; numerous web...
CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
DEBIAN-CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
UBUNTU-CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
Format string
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
CVE-2014-8625
CVE-2014-8625 affects dpkg prior to 1.17.22, where the parse_error_msg function in parsehelp.c is vulnerable to format-string processing via the package or architecture name, enabling a denial of service and potentially arbitrary code execution. Public references in the connected docs consistentl...
CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
Updated glibc packages fix security vulnerabilities
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string...
XM-Easy-Personal-FTP-Server
Because this address is relative and has a static base in this environment, I was able to use the heap chunk address as the pointer to write at the vtable. Then a function is called at offset 0xb0 or 0x98 and we can reliably return into a ROP payload and execute arbitrary code. import socket impo...
CVE-2013-2131
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...
Format string
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...
UBUNTU-CVE-2013-2131
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...