348 matches found
BSD (Multiple Distributions) - printf(3) Memory Corruption
BSD Multiple Distributions - printf3 Memory Corruption source: https://www.securityfocus.com/bid/36885/info Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. An attacker can exploit this issue...
SecurityReason: Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple BSD printf1 and multiple dtoa/printf3 vulnerabilities Author: Maksymilian Arciemowicz SecurityReason.com Date: - - Dis.: 29.06.2009 - - Pub.: 30.10.2009 We are going inform all vendors, about this problem Affected Software official: - - OpenB...
OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service
source: https://www.securityfocus.com/bid/36884/info OpenBSD and NetBSD are prone to a denial-of-service vulnerability because they fail to properly parse format strings to the 'printf1' function. An attacker can exploit this issue to cause applications using the vulnerable call to crash with a...
array index error in dtoa implementation of many products
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
Multiple BSD and Linux systems strfmon() libc / glibc function integer overflow
Integer overflow on format specificator in strfmon. NULL pointer dereference in printf...
openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-61)
This update of php5 fixes : - possible stack-based buffer overflow CVE-2008-2050 - incomplete escapeshellcmd CVE-2008-2051 - printf integer overflow CVE-2008-1384 - insecure GENERATESEED macro CVE-2008-2107 - timezone update for DST in Pakistan %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CVE-2009-0689
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
DEBIAN-CVE-2009-0689
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
Heap overflow
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
CVE-2009-0689
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
BSD/x86 - execve(/bin/sh) & setuid(0) - 29 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...
Linux/mips - execve(/bin/sh) - 56 bytes
No description provided by source. / 56 bytes execve /bin/sh shellcode - linux-mipsel - by core [email protected] Note: For MIPS running in little-endian mode. Tested on a Cobalt Qube2 server running Linux 2.4.18 Greetz to bighawk... i couldn't get his execve to work for some reason :/ / char code ...
OSX/PPC - execve(/bin/sh,[/bin/sh],NULL) + exit() Shellcode (72 bytes)
OSX/PPC - execve/bin/sh,/bin/sh,NULL + exit Shellcode 72 bytes. Shellcode exploit for OSXPPC platform / MacOSX/PowerPC Shellcode for: execve"/bin/sh", "/bin/sh", NULL, exit 72 bytes hophet at gmail.com http://www.nlabs.com.br/hophet/ / include "stdio.h" include "string.h" char shellcode =...
Reader: JavaScript util.printf() function buffer overflow
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104...
Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit #2
No description provided by source. Adobe Reader Javascript Printf Buffer Overflow Exploit =========================================================== Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow CVE-2008-2992 Thanks to coresecurity for the technical background...
adobe-printf.txt
Adobe Reader Javascript Printf Buffer Overflow Exploit =========================================================== Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow CVE-2008-2992 Thanks to coresecurity for the technical background. 6Nov,2008: Exploit released by me...
Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of embedd...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 5345)
This version upgrade php5 to 5.2.6 fixes several security vulnerabilities. - Fixed possible stack-based buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. - Fixed integer overflow in printf identified by Maksymilian Aciemowicz. - Fixed security issue detailed in CVE-2008-0599...
Symantec Altiris Client Service 6.8.378 Local Privilege Escalation Exploit
Exploit for unknown platform in category local exploits ========================================================================== Symantec Altiris Client Service 6.8.378 Local Privilege Escalation Exploit ========================================================================== // 0day PRIVATE...
Re: [securityreason] *BSD libc (strfmon) Multiple vulnerabilities
On Mar 27, 2:09pm, [email protected] [email protected] wrote: -- Subject: securityreason BSD libc strfmon Multiple vulnerabilities ... stuff deleted ... | Problem exist also in printf function. | | Example code will show Integer Overflow . | | - ---example-start-- | include stdio.h | ...