CVE-2019-7712

An issue was discovered in handleripcomshellpwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf without a proper check. An attacker may thus forge a path containin...

DEBIAN-CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

AZL-38872 CVE-2018-14661 affecting package glusterfs for versions less than 5.1-1

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

Format string

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

UBUNTU-CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

CVE-2018-14661

Technical details for CVE-2018-14661 are not provided in the connected documents. Public information in the initial entry confirms a format-string vulnerability in GlusterFS, but no affected versions, exploit details, or fixes are included here. Monitor for updates.

CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service

It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

Internet Bug Bounty: Format string implementation vulnerability, resulting in code execution

In a security audit to the sprintf implementation in perl version 5.24.1 I found a major security vulnerability, here are the full details. Timeline: ====== 6th of May, 2017 - disclosure to the PERL security mailing list 8th of May, 2017 - vulnerability confirmed by PERL's security group, found...

DEBIAN-CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

CVE-2017-12588

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact...

Ruby: sprintf combined format string attack

In a ticket that was also reported to "shopify-scripts" regarding "MRuby", I reported in details a combined attack against the sprintf gem: Information leak Heap buffer underflow The full ticket details can be found in: Ticket 212239 The ticked was opened several minutes ago but I add it in case ...

Up.time agent for Windows contains multiple vulnerabilities

Overview The Up.time client for Windows is vulnerable to an format string attack as well as a buffer overflow, and may allow unauthenticated users to perform certain commands. Description CWE-134: Uncontrolled Format String - CVE-2015-2894For version 6.0 and 7.2, an unauthenticated attacker on th...

gpsdrive <= 2.09 (friendsd2) Remote Format String Exploit (ppc)

No description provided by source. !/usr/bin/perl -w Heh - Code by KF kflistsatdigitalmunitiondotcom - Shellcode by Charles Stevenson http://www.digitalmunition.com FrSIRT 24/24 & 7/7 - Centre de Recherche on Donkey Testicles. Free 14 day Testicle licking trial available! IIIIIIIIII I::::::::I...

Qwik SMTP 0.3 - Remote Root Format String Exploit

No description provided by source. / qwik-smtp Remote Root Exploit ------------------------------- Bug found by: Dark Eagle darkeagle at list d0t ru Exploit coded by: Carlos Barros barros at barrossecurity d0t com Home Page: http://www.barrossecurity.com Exploitation techinique: This bug is a...