6864 matches found
PT-2018-10401 · Tinyxml2 +2 · Tinyxml2 +2
Name of the Vulnerable Software and Affected Versions: TinyXML2 version 6.2.0 Description: The issue is related to a heap-based buffer over-read in the XMLDocument::Parse function. However, the developers of TinyXML2 have determined that the reported issue is due to improper use of the library an...
UBUNTU-CVE-2014-5471
Stack consumption vulnerability in the parserockridgeinodeinternal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service uncontrolled recursion, and system crash or reboot via a crafted iso9660 image with a CL entry referring to a directory...
glibc - NUL Byte gconv_translit_find Off-by-One
glibc - NUL Byte gconvtranslitfind Off-by-One // // Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34421.tar.gz CVE-2014-5119.tar.gz // // // --------------------------------------------------- // CVE-2014-5119 glibc gconvtranslitfind exploit //...
libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
It was found that libvirt passes the XMLPARSENOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read t...
CVE-2014-0477
The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service CPU consumption via an empty quoted string in an RFC 2822 address...
BugHunter HTTP Server 1.6.2 Parse Error Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24566/info BugHunter HTTP Server is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks. This issu...
KDE 3.5 (libkhtml) <= 4.2.0 / Unhandled HTML Parse Exception Exploit
No description provided by source. !-- KDE 3.5 | libkhtml = 4.2.0 / Unhandled HTML Parse Exception ============================================================ Tested with Konqueror 3.5.2 and kmail 1.9.1 Federico L. Bossi Bonin [email protected] www.globalst.com.ar Program received signal...
WEB//NEWS <= 1.4 (parser.php) Remote File Include Vulnerability
No description provided by source. ============================================================================================== webnews = v1.4 WNBASEDIR Remote File Inclusion Exploit =============================================================================================== Critical Level :...
MyServer 0.8.9 Filename Parse Error Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24571/info MyServer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects MyServer 0.8.9; other versio...
freebsd 4.2-stable ftpd glob() Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing...
deV!Lz Clanportal [DZCP] <= 1.3.6 - Arbitrary File Upload Vulnerability
No description provided by source. S Y N O P S I S / =================' - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code and execute it,...
Darwin Streaming Server <= 4.1.2 (parse_xml.cgi) Code Execution Exploit
No description provided by source. !/usr/bin/perl QTTS REMOTE ROOT exploit by FOXMULDER [email protected] FOXMULDER PRESENTS foxmulderatabv.bg DarwinOSX4.x? 5.X QTSSQuick Time Stream Server 3.X The bug in Darwin 5.X with unpatched QTSS in parsexml.cgi which lead to remote root compromise: $filenam...
WvTFTPd 0.9 - Remote Root Heap Overflow Exploit
No description provided by source. / wvtftp option name heap overflow remote root exploit infamous42md AT hotpop DOT com exploitation is not exactly straight forward. When we overflow our buffer, we overwrite a pointer that is freed before we get to trigger our overwrite. so we have to restore th...
Microsoft Internet Explorer 5/6 MSXML XML File Parsing Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a...
CVE-2013-1397
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the 1 Yaml::parse or 2 Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...
Design/Logic Flaw
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the 1 Yaml::parse or 2 Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...
Design/Logic Flaw
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397...
CVE-2013-1348
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397...
CVE-2013-1348
CVE-2013-1348 affects Symfony 2.0.x before 2.0.22 where the YAML parsing path in Yaml::parse can allow remote code execution of PHP via a crafted PHP file. Root cause: insecure handling in YAML parsing that enables arbitrary PHP code execution. Impact: remote attacker could execute code with the ...
ruby: heap overflow in floating point parsing
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a string that is converted to...