webdesproxy 0.0.1 - exec-shield GET Remote Code Execution
webdesproxy 0.0.1 - exec-shield GET Remote Code Execution / Fedora Core 6 exec-shield based Webdesproxy webdesproxy-0.0.1.tgz remote root exploit reverse connect-back method by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL:...
CVE-2007-1884
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit...
Integer overflow
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit...
CVE-2007-1884
CVE-2007-1884 affects PHP 4.x before 4.4.5 and PHP 5.x before 5.2.1 on 64‑bit platforms. The vulnerability arises from integer signedness errors in the printf family, allowing context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers from 64→32 bit truncation...
PHP printf() integer overflow
Integer overflow on 64-bit systems...
MOPB-38-2007: PHP printf() Family 64 Bit Casting Vulnerabilities
Summary A helper function used by the printf PHP function family returns an unsigned 63 bit long, but the result is internally stored in 32 bit ints. Because of the 32 bit truncation the resulting ints can be negative, which is not caught by the calling code in different code paths. This can result...
w3m: Format string vulnerability
Background w3m is a multi-platform text-based web browser. Description w3m in -dump or -backend mode does not correctly handle printf format string specifiers in the Common Name CN field of an X.509 SSL certificate. Impact An attacker could entice a user to visit a malicious website that would lo...
ANDR : Format String Vulnerability
Format string vulnerability Andrey Kolischak March, 2001 Format string vulnerability It is no secret that most of the software, in addition to specific vulnerabilities, contains “holes” associated with an incorrect programming style. If some of these holes, such as buffer overflows,...
GLSA-200512-01 : Perl: Format string errors can lead to code execution
The remote host is affected by the vulnerability described in GLSA-200512-01 Perl: Format string errors can lead to code execution Jack Louis discovered a new way to exploit format string errors in Perl that could lead to the execution of arbitrary code. This is performed by causing an integer wra...
Perl: Format string errors can lead to code execution
Background Perl is a stable, cross-platform programming language created by Larry Wall. It contains printf functions that allow construction of strings from format specifiers and parameters, like the C printf functions. A well-known class of vulnerabilities, called format string errors, result o...
Perl programs providing user-controlled I/O format strings may contain format string vulnerabilities
Overview Programs written in Perl may contain many of the same types of format string vulnerabilities as programs written in C. Description Perl is a programming language used in many applications and commonly used for web applications. It provides many of the same functions for formatted I/O as ...
linux/ppc - connect back execve /bin/sh 240 bytes
linux/ppc connect back execve /bin/sh 240 bytes. Shellcode exploit for linuxppc platform /* connect-core5.c by Charles Stevenson */ char hellcode = /* connect back & execve /bin/sh linux/ppc by core */ "\x7c\x3f\x0b\x78" /* mr r31,r1 */ "\x3b\x40\x01\x0e" /* li r26,270 */ "\x3b\x5a\xfe\xf4" /* addi r26,r26,-26...
Debian DSA-066-1 : cfingerd - remote exploit
Steven van Acker reported on bugtraq that the version of cfingerd (a configurable finger daemon) as distributed in Debian GNU/Linux 2.2 suffers from two problems : - The code that reads configuration files (files in which $ commands are expanded) copied its input to a buffer without checking for a...
Debian DSA-061-1 : gnupg - printf format attack
The version of GnuPG GNU Privacy Guard, an OpenPGP implementation as distributed in Debian GNU/Linux 2.2 suffers from two problems : - fish stiqz reported on bugtraq that there was a printf format problem in the doget function: it printed a prompt which included the filename that was being...
Debian DSA-072-1 : groff - printf format attack
Zenith Parsec found a security problem in groff, the GNU version of troff. The pic command was vulnerable to a printf format attack which made it possible to circumvent the '-S' option and execute arbitrary code...
Debian DSA-057-1 : gftp - printf format attack
The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making an FTP server return special responses that exploit this...
Debian DSA-107-1 : jgroff - format print vulnerability
Basically, this is the same Security Advisory as DSA 072-1, but for jgroff instead of groff. The package jgroff contains a version derived from groff that has Japanese character sets enabled. This package is available only in the stable release of Debian, patches for Japanese support have been...
Debian DSA-058-1 : exim - local printf format attack
Megyer Laszlo found a printf format bug in the exim mail transfer agent. The code that checks the header syntax of an email logs an error without protecting itself against printf format attacks. It's only exploitable locally with the -bS switch in batched SMTP mode...