3576 matches found
[Full-disclosure] ssh.com ssh-3.2.9.1 sftp server remote off by one
ssh.com ssh-3.2.9.1 sftp server remote off by one ATTENTIONThis has not been tested under reallife conditions ssh-3.2.9.1 which is available from http://ftp.ssh.com/pub/ssh/ contains the same old rootd off by one bug as described bei isec.pl here:...
SOL6878 - Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747
This security advisory describes an off-by-one error, which means the bits are shifted to the left or the right by one value, in the LDAP scheme handling of the Apache Rewrite module. The vulnerability within the Apache Rewrite module allows remote attackers to cause a Denial of Service attack or...
CVE-2007-2651
Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service connection loss or possibly execute arbitrary code via a 1 DNS name response of the exact length as a buffer; or a long 2 channel name, 3 partyline channel name, or unspecified vector...
Code injection
Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service connection loss or possibly execute arbitrary code via a 1 DNS name response of the exact length as a buffer; or a long 2 channel name, 3 partyline channel name, or unspecified vector...
CVE-2007-2651
Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service connection loss or possibly execute arbitrary code via a 1 DNS name response of the exact length as a buffer; or a long 2 channel name, 3 partyline channel name, or unspecified vector...
CVE-2007-2651
CVE-2007-2651 affects VooDoo cIRCle prior to 1.1.beta27. Multiple off-by-one errors can allow a remote attacker to cause a denial of service (connection loss) or possibly execute arbitrary code via crafted BOTNET packets, specifically through a DNS name response matching the buffer length or via ...
Mandrake Linux Security Advisory : python (MDKSA-2007:099)
An off-by-one error was discovered in the PyLocalestrxfrm function in Python 2.4 and 2.5 that could allow context-dependent attackers the ability to read portions of memory via special manipulations that trigger a buffer over-read due to missing null termination. The updated packages have been...
CVE-2007-2052
Off-by-one error in the PyLocalestrxfrm function in Modules/localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due ...
Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
No description provided by source. !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis axis@ph4nt0m http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 1.3.37 2.0 branch: 2.0.46 and 2.0.59...
MOPB-42-2007:PHP 5 php_stream_filter_create() Off By One Vulnerablity
Summary The phpstreamfiltercreate function does support wildcards in filter names for easier implementation. When a filter is not known and there is a dot in the filter name, everything behind is truncated and a character is appended. This is done without taking the extra byte into account that i...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
Apache modrewrite Windows x86 - Off-by-One Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...
Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
Exploit for unknown platform in category remote exploits ============================================================= Apache ModRewrite Off-by-one Remote Overflow Exploit win32 ============================================================= !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. b...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
!/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20 http://www.milw0rm.com/exploits/2237 to successfully exploit the...
modrewrite-offbyone.txt
!/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20 http://www.milw0rm.com/exploits/2237 to successfully exploit the...
CVE-2007-1886
Integer overflow in the strreplace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."...
GLSA-200703-21 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200703-21 PHP: Multiple vulnerabilities Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities and htmlspecialchars i...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffe...
DEBIAN-CVE-2007-1218
Off-by-one buffer overflow in the parseelements function in the 802.11 printer code print-80211.c for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service crash via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based...
SUSE-SA:2006:043: apache,apache2
The remote host is missing the patch for the advisory SUSE-SA:2006:043 apache,apache2. The following security problem was fixed in the Apache and Apache 2 web servers: modrewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer...
CVE-2007-0911
Off-by-one error in the strireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service crash...