Lucene search

348 matches found

Cent OS
added 2012/03/15 10:58 p.m. | 62 views

glibc, nscd security update

CentOS Errata and Security Advisory CESA-2012:0393 Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System...

CVSS 6.8 | AI score 7.6 | EPSS 0.03036
Exploits: 5 | References: 7

RedHat Linux
added 2012/03/15 4:30 p.m. | 47 views

Moderate: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.8 | AI score 7.6 | EPSS 0.03036
Exploits: 5 | References: 4

seebug.org
added 2012/02/22 12:0 a.m. | 63 views

Linux Kernel epoll Subsystem "eventpoll.c" Multiple Local Denial-of-Service Vulnerabilities

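BUGTRAQ ID: 46630 CVE ID: CVE-2011-1082, CVE-2011-1083 Linux Kernel is the kernel of the Linux operating system. In Linux Kernel versions before 2.6.38, the epoll subsystem implementation in fs/eventpoll.c contains local denial-of-service vulnerabilities: when epoll file descriptors are placed inside other epoll data structures, there is no check for closed loops or deep chains, and an attacker can exploit this to cause a denial of service. 0 Linux kernel 2.6.38 Vendor patch: Linux ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.kernel.or...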

CVSS 4.9 | EPSS 0.00203
Exploits: 2

Exploit DB
added 2011/07/18 12:0 a.m. | 18 views

win32/PerfectXp-pc1/sp3 Tr Add Admin Shellcode 112 bytes

win32/PerfectXp-pc1/sp3 Tr Add Admin Shellcode 112 bytes. Shellcode exploit for win32 platform Title : win32/PerfectXp-pc1/sp3 Tr Add Admin Shellcode 112 bytes Author : KaHPeSeSe Screenshot : http://i53.tinypic.com/289yamq.jpg Desc. : usr: kpss , pass: 12345 , localgroup: Administrator Tested on ...

AI score 7.4
Exploits: 0

securityvulns
added 2011/06/02 12:0 a.m. | 72 views

Cross-Site Scripting vulnerability in Nagios

Advisory: Cross-Site Scripting vulnerability in Nagios Advisory ID: SSCHADV2011-006 Author: Stefan Schurtz Affected Software: Successfully tested on: nagios 3.2.3 Vendor URL: http://www.nagios.org Vendor Status: informed CVE-ID: - ========================== Vulnerability Description:...

AI score 6.7
Exploits: 0

Packet Storm
added 2011/06/01 12:0 a.m. | 17 views

Icinga 1.3.0 / 1.4.0 Cross Site Scripting

Advisory: Cross-Site Scripting vulnerability in Icinga Advisory ID: SSCHADV2011-005 Author: Stefan Schurtz Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.4.0 Vendor URL: http://www.icinga.org Vendor Status: Resolved CVE-ID: - ========================== Vulnerability Descriptio...

AI score 7.4
Exploits: 0

Metasploit
added 2010/10/18 3:41 p.m. | 18 views

printf(1) via PHP magic_quotes Utility Command Encoder

This encoder uses the printf(1) utility to avoid restricted characters. Some shell variable substitution may also be used if needed symbols are blacklisted. Some characters are intentionally left unescaped since it is assumed that PHP with magic_quotes_gpc enabled will escape them during request...

AI score 0.2
Exploits: 0

Tenable Nessus
added 2010/07/30 12:0 a.m. | 41 views

Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028)

Multiple vulnerabilities were discovered and corrected in kdelibs4: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' NUL character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary...

CVSS 7.5 | AI score 7.5 | EPSS 0.4176
Exploits: 53 | References: 3

Tenable Nessus
added 2010/07/30 12:0 a.m. | 42 views

Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)

Multiple vulnerabilities were discovered and corrected in kdelibs4: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' NUL character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...

CVSS 9.3 | AI score 7.9 | EPSS 0.4176
Exploits: 57 | References: 8

OpenVAS
added 2010/04/21 12:0 a.m. | 38 views

PHP 4.x < 4.4.5, 5.x < 5.2.1 Multiple Format String Vulnerabilities

PHP is prone to multiple format-string vulnerabilities due to a design error when casting 64-bit variables to 32 bits.

CVSS 6.8 | AI score 7.4 | EPSS 0.02129
Exploits: 0 | References: 5

Exploit DB
added 2010/04/18 12:0 a.m. | 18 views

chmod("/etc/shadow", 0777) Shellcode (33 Bytes)

33 Bytes chmod("/etc/shadow", 0777) Shellcode. Shellcode exploit for lin_x86 platform http://plasticsouptaste.blogspot.com Name: 33 bytes chmod("/etc/shadow", 0777) shellcode Platform: Linux x86 include "stdio.h" int mainint argc, char argv char shellcode...

AI score 7.4
Exploits: 0

RedHat Linux
added 2010/03/17 1:4 p.m. | 3 views

array index error in dtoa implementation of many products

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...

CVSS 6.8 | AI score 7.2 | EPSS 0.4176
Exploits: 43 | References: 4

RedHat Linux
added 2010/03/17 12:38 p.m. | 2 views

array index error in dtoa implementation of many products

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...

CVSS 6.8 | AI score 7.2 | EPSS 0.4176
Exploits: 43 | References: 4

Tenable Nessus
added 2010/02/24 12:0 a.m. | 31 views

Debian DSA-1979-1 : lintian - multiple vulnerabilities

Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them : - CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using...

CVSS 9.8 | AI score 8.5 | EPSS 0.02035
Exploits: 1 | References: 7

securityvulns
added 2010/01/08 12:0 a.m. | 151 views

BSD-based systems (FreeBSD, NetBSD, OpenBSD) index array overflow

Index array overflow in libc gdtoa function used by printf...

CVSS 6.8 | AI score 3.5 | EPSS 0.4176
Exploits: 43 | References: 9 | Affected Software: 11

seebug.org
added 2009/12/17 12:0 a.m. | 17 views

PHP 5.2.1 printf Function Multibyte Parsing Error Arbitrary Code Execution Vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

RedHat Linux
added 2009/11/24 11:21 p.m. | 1 views

array index error in dtoa implementation of many products

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...

CVSS 6.8 | AI score 6.4 | EPSS 0.4176
Exploits: 43 | References: 4

securityvulns
added 2009/10/30 12:0 a.m. | 24 views

BSD systems printf buffer overflows

Multiple vulnerabilities on f format specificator parsing...

AI score 4.5
Exploits: 0 | References: 1 | Affected Software: 1

Exploit DB
added 2009/10/30 12:0 a.m. | 18 views

BSD (Multiple Distributions) - 'printf(3)' Memory Corruption

source: https://www.securityfocus.com/bid/36885/info Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. An attacker can exploit this issue to cause applications to crash with a segmentation...

AI score 7
Exploits: 0

exploitpack
added 2009/10/30 12:0 a.m. | 13 views

OpenBSD 4.6 NetBSD 5.0.1 - printf(1) Format String Parsing Denial of Service

OpenBSD 4.6 NetBSD 5.0.1 - printf(1) Format String Parsing Denial of Service source: https://www.securityfocus.com/bid/36884/info OpenBSD and NetBSD are prone to a denial-of-service vulnerability because they fail to properly parse format strings to the 'printf(1)' function. An attacker can exploit...

AI score 7.3
Exploits: 0