422 matches found
PHP 5.3.3 - ibase_gen_id() Off-by-One Overflow
PHP 5.3.3 - ibase_gen_id() Off-by-One Overflow === Vulnerability === PHP 5.3.3 Possible All versions ibase_gen_id() off-by-one overflow === Author === cb === Description === User-supplied variable "generator" copied to 128 byte buffer "query" size of query variable. So its cause off-by-one overflow. You...
PHP 5.3.3 ibase_gen_id() off-by-one Overflow Vulnerability
Exploit for php platform in category dos / poc. PHP 5.3.3 ibase_gen_id() off-by-one Overflow Vulnerability === Vulnerability === PHP 5.3.3 Possible All versions ibase_gen_id() off-by-one...
PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow
=== Vulnerability === PHP 5.3.3 Possible All versions ibase_gen_id() off-by-one overflow === Author === cb === Description === User-supplied variable "generator" copied to 128 byte buffer "query" size of query variable. So its cause off-by-one overflow. You can see 1 snprintf copy statement to "query...
SuSE 10 Security Update : Cyrus IMAPD (ZYPP Patch Number 6476)
This update of cyrus-imapd fixes a buffer overflow that occurs in snprintf due to incorrectly calculating the size of the destination buffer. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
cscope security update
15.5-10.RHEL4.3 - Merge incdir-overflow and snprintf patches for better readability, snprintf is used now with PATHLEN limit without other adjustments, related strlen / %.s / len are no longer needed and were dropped - Update tempsec patch, drop extraneous snprintf argument to suppress compiler...
Cscope Multiple Buffer Overflow vulnerability
This host has installed Cscope and is prone to Multiple Buffer Overflow vulnerability. OpenVAS Vulnerability Test $Id: gbcscopemultbofvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Cscope Multiple Buffer Overflow Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH...
MPFR library buffer overflow
mpfrsnprintf and mpfrvsnprintf functions buffer overflow...
FreeBSD : samba -- format string bug in afsacl.so VFS plugin (57ae52f7-b9cc-11db-bf0f-0013720b182d)
The Samba Team reports : NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module. The source defect results in the name of a file stored on disk being used as the...
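Samba Server VFS Plugin afsacl.so Remote Format String Handling Vulnerability
Samba is a suite of programs that implements the SMB (Server Messages Block) protocol and provides cross-platform file and print sharing services. The afsacl.so library, a Samba VFS plugin, has a format string vulnerability when handling file names; an attacker may exploit this vulnerability to trick a user into processing a malicious VFS partition control server. When calling snprintf, Samba used the file name stored on disk as the format string. If a share that the user can write to uses Samba's afsacl.so library to set Windows NT access control lists on files in an AFS file system, format string specifiers in a file name could lead to arbitrary code execution. This vulnerability only affects cases where an AFS file system is shared with CIFS and smb.conf explicitly requires loading afsacl.s...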
Format string bug in afsacl.so VFS plugin.
Description NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module. The source defect results in the name of a file stored on disk being used as the format string in...
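Novell eDirectory/iMonitor HTTPSTK Stack Buffer Overflow Vulnerability
Novell eDirectory is a cross-platform directory server. Novell eDirectory has an input validation vulnerability when processing user requests and constructing responses; a remote attacker may exploit this vulnerability to execute arbitrary commands on the server. Novell's HTTP protocol stack (httpstk) does not check the value of the client-supplied HTTP Host request header (e.g. Host: www.host.com). The vulnerability may be triggered when the server calls snprintf while preparing an HTTP redirect response, leading to execution of arbitrary commands with the privileges of the process that loaded the httpstk library. C++ pseudocode follows: define HTTPHDRHOSTFIELD 211 char szHttp = "HTTP"; char...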
CVE-2002-1721
Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service crash via an x-header that causes snprintf overwrite the FFGETFILE variable with a null byte...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute...
CVE-2001-0850
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow...
CVE-1999-1330
The CVE-1999-1330 issue affects the db library’s snprintf usage in version 1.85.4, where the size parameter is ignored and could permit buffer overflows that proper snprintf implementation would prevent. This describes a potential local memory corruption risk. Exploitation details or concrete rem...
CVE-2001-0850
The CVE-2001-0850 entry concerns a configuration error in the libdb1 package of OpenLinux 3.1. The vulnerability arises from insecure versions of snprintf and vsnprintf used by libdb1, which could allow local or remote users to trigger a buffer overflow. Affected software: OpenLinux 3.1 (libdb1)....
pkc002.txt
pkc002.txt -= SECURITY ADVISORY 002 =- www.pkcrew.org Application : Tinyproxy version 1.3.2 and 1.3.3 Type : heap buffer overflow --- The Problem --- Function httperr in utils.c : int httperrstruct conns connptr, int err, cha...
ProFTPd 1.2 pre6 - snprintf Remote Root
ProFTPd 1.2 pre6 - snprintf Remote Root source: https://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. On systems that support it ProFTPD will attempt to modify the name of the program being executed argv0 to display the comman...