HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "HP StorageWorks...

PHP 5.1.x < 5.1.5 Multiple Vulnerabilities

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities : - The c-client library 2000, 2001, or 2004 for PHP does not check the safemode or openbasedir functions. CVE-2006-1017 - A buffer...

Gentoo Security Advisory GLSA 200909-12 (htmldoc)

The remote host is missing updates announced in advisory GLSA 200909-12. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200909-12 (htmldoc)

The remote host is missing updates announced in advisory GLSA 200909-12. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

Multiple sscanf vulnerabilities in Asterisk [MU-200908-01]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple sscanf vulnerabilities in Asterisk MU-200908-01 August 10, 2009 http://labs.mudynamics.com/advisories.html Affected Products/Versions: Asterisk 1.6.1 branch up to 1.6.1.2. Product Overview: Asterisk is an open source telephony engine and...

Buffer-overflow in CoolPlayer 217

Luigi Auriemma Application: CoolPlayer http://coolplayer.sourceforge.net Versions: = 217 Platforms: Windows Bug: buffer-overflow in CPLIReadTagOGG Exploitation: local Date: 28 Dec 2007 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 2102)

the CURL module lacked checks for control characters CVE-2006-2563 - strrepeat contained an integer overflow - ext/wddx contained a buffer overflow - memorylimit lacked checks for integer overflows - a bug in sscanf could potentially be exploited to execute arbitrary code. CVE-2006-4020 - an...

corehttp 0.5.3alpha (httpd) Remote Buffer Overflow Exploit

No description provided by source. / corehttpv0.5.3alpha: httpd remote buffer overflow exploit. by: vade79/v9 [email protected] fakehalo/realhalo ...

CoreHTTP http.c远程缓冲区溢出漏洞

BUGTRAQ ID: 25120 CoreHTTP是一款小型的Web服务器。 CoreHTTP在处理超长用户请求时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制服务器。 CoreHTTP的http.c文件中存在缓冲区溢出漏洞： ----------------------------------------------------------------------- struct sprockt HttpSprockMakestruct sprockt parentsprock struct sprockt sprocket; char reqPATHSIZE,...

corehttp 0.5.3alpha (httpd) Remote Buffer Overflow Exploit

Exploit for linux platform in category remote exploits ========================================================== corehttp 0.5.3alpha httpd Remote Buffer Overflow Exploit ========================================================== / corehttpv0.5.3alpha: httpd remote buffer overflow exploit. by:...

Mandrake Linux Security Advisory : php (MDKSA-2006:144)

A vulnerability was discovered in the sscanf function that could allow attackers in certain circumstances to execute arbitrary code via argument swapping which incremented an index past the end of an array and triggered a buffer over-read. Updated packages have been patched to correct these issue...

security flaw

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read...

PHP sscanf函数本地堆缓冲区溢出漏洞

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的sscanf函数处理用户的格式化参数时存在漏洞，本地攻击者可能利用此漏洞通过PHP代码执行任意指令。 如果象如下例子那样向sscanf函数传递指针的指针作为参数，则会触发堆溢出问题，可能导致执行任意指令： sscanf'foo ','$1s',$bar PHP PHP = 5.1.4 PHP PHP = 4.4.3 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net/downloads.php ? / hoagiephpsscanf.php PHP...

PHP &lt;= 4.4.3 / 5.1.4 (objIndex) Local Buffer Overflow Exploit PoC

No description provided by source. ?php / Author: Heintz Date: 4-th august 2006 Greets: Waraxe from www.waraxe.us All buds at www.plain-text.info Torufoorum ext/standard/scanf.c line 887 --- if numVars current = argsobjIndex++; --- objIndex points past the end of array in other format cases too...

security flaw

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read...

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server....

USN-342-1: PHP vulnerabilities

The sscanf function did not properly check array boundaries. In applications which use sscanf with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application's privileges. CVE-2006-4020 The fileexis...

GLSA-200608-28 : PHP: Arbitary code execution

The remote host is affected by the vulnerability described in GLSA-200608-28 PHP: Arbitary code execution The sscanf PHP function contains an array boundary error that can be exploited to dereference a NULL pointer. This can possibly allow the bypass of the safe mode protection by executing...

PHP: Arbitary code execution

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description The sscanf PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the...

php -- multiple vulnerabilities

The PHP development team reports: Added missing safemode/openbasedir checks inside the errorlog, fileexists, imapopen and imapreopen functions. Fixed overflows inside strrepeat and wordwrap functions on 64bit systems. Fixed possible openbasedir/safemode bypass in cURL extension and with realpath...