Format string

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1 pharstreamflush, 2...

CVE-2010-2094

CVE-2010-2094 affects the PHP phar extension (PHP 5.3.x before 5.3.2) via crafted phar:// URIs, enabling context-dependent attackers to view memory contents and potentially execute arbitrary code. The vulnerability is triggered by improper handling in phar_stream_flush, phar_wrapper_unlink, phar_...

CVE-2010-2094

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1 pharstreamflush, 2...

CVE-2010-2094

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1 pharstreamflush, 2...

CVE-2010-2950

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the pharstreamflush function,...

HP-UX, IBM AIX, SGI IRIX rpc.pcnfsd format string vulnerability

Format string vulnerability on syslog call...

CVE-2009-4880

Multiple integer overflows in the strfmon implementation in the GNU C Library aka glibc or libc6 2.10.1 and earlier allow context-dependent attackers to cause a denial of service memory consumption or application crash via a crafted format string, as demonstrated by a crafted first argument to th...

CVE-2010-1039

Format string vulnerability in the msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.3109 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request...

Format string

Format string vulnerability in the msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.3109 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request...

CVE-2010-1039

Format string vulnerability in the msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.3109 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request...

Tripwire Format String (CVE-2004-0536)

Tripwire is a software tool that checks file system changes on a target system. Tripwire scans file systems for changes and can be configured to send an email report with the scan details. There is a format string vulnerability in the implementation of the C++ class cPipedMailMessage in Tripwire...

PHP <= 5.3.2 ext/phar/stream.c和ext/phar/dirstream.c文件多个格式串漏洞

BUGTRAQ ID: 40173 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的ext/phar/stream.c文件中内部所使用的pharstreamflush、pharwrapperunlink、 pharparseurl、pharwrapperopenurl函数以及ext/phar/dirstream.c文件中内部所使用的pharwrapperopendir函数在处理出错情况时存在格式串漏洞。在出现错误的情况下会将error变量用作格式串来调用...

PHP 5.3.x <= 5.3.2 Multiple Format String Vulnerabilities

PHP is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced source...

kvirc -- multiple vulnerabilities

Two security vulnerabilities have been discovered: Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to...

Debian Security Advisory DSA 2042-1 (iscsitarget)

The remote host is missing an update to iscsitarget announced via advisory DSA 2042-1. OpenVAS Vulnerability Test $Id: deb20421.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2042-1 iscsitarget Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

PHP 5.3.x &lt; 5.3.2 - &#039;ext/phar/stream.c&#039; / &#039;ext/phar/dirstream.c&#039; Multiple Format String Vulnerabilities

source: https://www.securityfocus.com/bid/40173/info PHP is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Attackers can exploit these issues to run arbitrary cod...

PHP 5.3.x 5.3.2 - extpharstream.c extphardirstream.c Multiple Format String Vulnerabilities

PHP 5.3.x 5.3.2 - extpharstream.c extphardirstream.c Multiple Format String Vulnerabilities source: https://www.securityfocus.com/bid/40173/info PHP is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifi...

Debian: Security Advisory (DSA-2042-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Format string

Format string vulnerability in ovetdemandpoll.exe in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter...

CVE-2010-1550

CVE-2010-1550 concerns HP OpenView Network Node Manager (NNM) prior to patching, affecting ovet_demandpoll.exe on OV NNM 7.01, 7.51 and 7.53. The vulnerability is a format-string error triggered by the POST variable sel in the ovet_demandpoll.exe process, allowing remote code execution without au...