Ubuntu 14.04 LTS : GNU C Library vulnerability (USN-2328-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2328-1 advisory. Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker coul...

Ubuntu: Security Advisory (USN-2328-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

glibc - NUL Byte gconv_translit_find Off-by-One

glibc - NUL Byte gconvtranslitfind Off-by-One // // Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34421.tar.gz CVE-2014-5119.tar.gz // // // --------------------------------------------------- // CVE-2014-5119 glibc gconvtranslitfind exploit //...

glibc - NUL Byte gconv_translit_find Off-by-One

// // Full Exploit: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/34421.tar.gz CVE-2014-5119.tar.gz // // // --------------------------------------------------- // CVE-2014-5119 glibc gconvtranslitfind exploit // ------------------------ taviso & scarybeasts ---...

PT-2014-6445 · Qemu +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: The issue is related to an off-by-one error in the pci read function within the ACPI PCI hotplug interface. This error can be triggered by a crafted PCI device, leading to memory corruption. A...

UBUNTU-CVE-2014-5119

Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...

UBUNTU-CVE-2014-5388

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

The poisoned NUL byte, 2014 edition

Posted by Chris Evans, Exploit Writer Underling to Tavis Ormandy Back in this 1998 post to the Bugtraq mailing list, Olaf Kirch outlined an attack he called “The poisoned NUL byte”. It was an off-by-one error leading to writing a NUL byte outside the bounds of the current stack frame. On i386...

Updated apache-mod_wsgi package fixes security vulnerability

apache-modwsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were specified to the option supplementary-groups, then memory corrupti...

UBUNTU-CVE-2014-4345

Off-by-one error in the krb5encodekrbsecretkey function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service buffer...

CVE-2014-5162

The readnewline function in wiretap/catapultdct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service off-by-one buffer underflow and application crash via a crafted...

qibocms 多个系统同一原因的sql注入

简要描述： 因为qibocms 拥有很多系统。 看了看昨天发的那个洞 今天再下载了几个qibo其他的系统 发现有一部分系统存在该洞。 鉴于之前qibocms打补丁的时候总是打了几个系统 而遗漏了其他几个系统。 就把存在这洞的系统全部一个一个的写出来。 详细说明： 统一来看看全局文件 $POST=AddS$POST; $GET=AddS$GET; $COOKIE=AddS$COOKIE; function AddS$array foreach$array as $key=$value if!isarray$value $value=strreplace"&x","& x",$value;...

QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART

Off-by-one error in the cmdsmart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption...

UBUNTU-CVE-2014-4975

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service segmentation fault via vectors that trigger a stack-based buffer overflow...

PHP 5.3.3 ibase_gen_id() off-by-one Overflow Vulnerability

No description provided by source. === Vulnerability === PHP 5.3.3 Possible All versions ibasegenid off-by-one overflow === Author === cb === Description === User-supplied variable generator copied to 128 byte buffer query size of query variable. So its cause off-by-one overflow. You can see 1...

PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion...

wu-ftpd 2.6.2 - Remote Root Exploit (advanced version)

No description provided by source. / wu-ftpd v2.6.2 off-by-one remote 0day exploit. exploit by you dong-hunXpl017Elz, [email protected]. Update: v0.0.2 August 2, I added wu-ftpd-2.6.2, 2.6.0, 2.6.1 finally. v0.0.3 August 3, Brute-Force function addition. v0.0.4 August 4, Added FreeBSD, OpenBSD...

KTP Computer Customer Database CMS 1.0 - Blind SQL Injection Vulnerability

No description provided by source. ================================================ KTPCCD CMS Blind SQL Injection Vulnerability ================================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)

No description provided by source. !/usr/bin/perl -w use IO::Socket; print \r\n; print | Geeklog 1. remote commands execution |\r\n; print | By rgod rgodATautisticiDOTorg |\r\n; print | site: http://retrogod.altervista.org |\r\n; print | |\r\n; print \r\n; print | - this works against...

PHPmybibli <= 3.0.1 - Multiple Remote File Inclusion Vulnerabilities

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV55$2006 ----------------------------------------------------------------------------------------------- ECHOADV55$2006Phpmybibli =2.1 Multiple Remote File Inclusion...