27 matches found
curl: FTP path trickery leads to NIL byte out of bounds write
It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash or an unspecified behavior...
Microsoft Reader <= 2.1.1.3143 NULL Byte Write
No description provided by source. Luigi Auriemma. Application: Microsoft Reader, http://www.microsoft.com/reader. Versions: <= 2.1.1.3143 PC version; the Origami 2.6.1.7169 version doesn't seem vulnerable; the non-PC versions have not been tested. Platforms: Windows, Windows Mobile, Tablet PC and UMPC...
Microsoft Reader 2.1.1.3143 - Null Byte Write
Luigi Auriemma Application: Microsoft Reader http://www.microsoft.com/reader Versions: | 8D47 01 |LEA EAX,DWORD PTR DS:EDI+1 ; size at offset 0xbd of the PoC 5FFF634D |. 50 |PUSH EAX 5FFF634E |. E8 2B470000 |...
Microsoft Reader 2.1.1.3143 - Null Byte Write
Microsoft Reader 2.1.1.3143 - Null Byte Write Luigi Auriemma Application: Microsoft Reader http://www.microsoft.com/reader Versions: | 8D47 01 |LEA EAX,DWORD PTR DS:EDI+1 ; size at offset 0xbd of the PoC 5FFF634D |. 50 |PUSH EAX 5FFF634E |. E8 2B470000 |CALL...
rsync 2.3/2.4/2.5 - Signed Array Index Remote Code Execution
// source: https://www.securityfocus.com/bid/3958/info A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability...