php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash...

php: ArrayIterator use-after-free due to object change during sorting

A use-after-free flaw was found in the way PHP handled certain ArrayIterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

Snort Back Orifice 2.4.3 Pre-Preprocessor 缓冲区溢出漏洞

No description provided by source...

Snort Back Orifice Pre-Preprocessor Remote Exploit

No description provided by source. $Id: snortbopre.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

NASM 0.98.x Error Preprocessor Directive Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11991/info NASM is prone to a buffer overflow. This condition is exposed when the application attempts to assemble a source file that contains malformed '%error' preprocessor directive arguments. Since the source file may...

Progress 9.1 sqlcpp Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4402/info Progress is a commercial database for Microsoft Windows and Unix systems. A buffer overflow has been reported in the sqlcpp program included with Progress, used as a SQL preprocessor. Execution of arbitrary code...

OpenPNE vulnerable to PHP Object Injection

Overview OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Egidio Romano of Secunia reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote,...

Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Snort 2 DCE/RPC preprocessor Buffer...

php: hash table collisions CPU usage DoS (oCERT-2011-003)

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

Mandriva Update for snort MDVA-2010:224 (snort)

Check for the Version of snort OpenVAS Vulnerability Test Mandriva Update for snort MDVA-2010:224 snort Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Mandriva Security Advisory MDVSA-2009:259-1 (snort)

The remote host is missing an update to snort announced via advisory MDVSA-2009:259-1. OpenVAS Vulnerability Test $Id: mdksa20092591.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:259-1 snort Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

Symantec Alert Management System Intel Alert Originator Service msgsys.exe buffer overflow

Added: 05/05/2009 CVE: CVE-2009-1430 BID: 34674 OSVDB: 54159 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel Alert Originator IAO service is a component of AMS2. The msgsys.exe process is a preprocessor for the IAO service and listens on TCP...

php: FastCGI module DoS via multiple dots preceding the extension

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service crash via a request with multiple dots preceding the extension, as demonstrated using foo..php...

CVE-2008-1804

Removed by vendor...

Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal

Overview httpd.pl from Fuktommy.com including an HTML preprocessor contains a directory traversal vulnerability. httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could,...

JVN#01913089 Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal

httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could, without authentication, view files on the server where httpd.pl is installed. This could lead to unintentional...

PHP parse_str() arbitrary variable overwrite

Title: PHP parsestr arbitrary variable overwrite Vendor: http://www.php.net/ Advisory: http://www.acid-root.new.fr/advisories/14070612.txt Author: DarkFig gmdarkfig at gmail dot com Written on: 2007/06/12 Released on: 2007/06/12 Risk level: Medium / High I.BACKGROUND Quote from php.net PHP is a...

PT-2007-4161 · Abc · Abc Excel Parser Pro

Name of the Vulnerable Software and Affected Versions: ABC Excel Parser Pro version 4.0 Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the parser path parameter. Recommendations: For ABC Excel Parser Pro version 4.0, consider restricting...

Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Exploit (linux)

No description provided by source. !/usr/bin/python Remote exploit for Snort DCE/RPC preprocessor vulnerability as described in CVE-2006-5276. The exploit binds a shell to TCP port 4444 and connects to it. This code was tested against snort-2.6.1 running on Red Hat Linux 8 Author shall bear no...