236 matches found
PHP <= 4.4.3 / 5.1.4 (sscanf) Local Buffer Overflow Exploit
No description provided by source. <?php /* hoagiephpsscanf.php PHP <= 4.4.3 / 5.1.4 local buffer overflow exploit howto get offsets: set $baseaddr to 0x41414141; ulimit -c 20000; /etc/init.d/apache restart; execute script via web browser; tail /var/log/apache/error.log ... Wed Aug 16 15:07:10 2006 notice...
CVE-2006-4020
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read...
CVE-2006-4020
CVE-2006-4020 affects PHP when using the sscanf function. In PHP 5.1.4 and earlier (and 4.4.3 and earlier), a context-dependent attacker can cause a buffer over-read by argument swapping in sscanf, potentially enabling arbitrary code execution. Vendor advisories and OpenVAS/Nessus entries indicat...
PHP 4.4.3/5.1.4 - objIndex Local Buffer Overflow
<?php /* Author: Heintz Date: 4-th august 2006 Greets: Waraxe from www.waraxe.us All buds at www.plain-text.info Torufoorum ext/standard/scanf.c line 887 --- if (numVars) { current = args[objIndex++]; --- objIndex points past the end of array in other forma...
php local buffer underflow could lead to arbitrary code execution
Affected versions: php 5.1.4 and older, 4.4.3 and possibly older. Cause: when PHP's sscanf function's format argument contains an argument swap and extra arguments are given, like sscanf('foo ','$1s',$bar), then it reads a pointer to pointer to zval structure past the end of argument array by one. Php...
PT-2006-4865
Name of the Vulnerable Software and Affected Versions: PHP versions 4.4.3 and earlier; PHP versions 5.1.4 and earlier. Description: The issue allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping. This can trigger a buffer...
PHP memory corruption
sscanf function past the end of array writing...
FreeBSD : elm -- remote buffer overflow in Expires header (f66e011d-13ff-11da-af41-0004614cc33d)
Ulf Harnhammar has discovered a remotely exploitable buffer overflow in Elm e-mail client when parsing the Expires header of an e-mail message: The attacker only needs to send the victim an e-mail message. When the victim with that message in his or her inbox starts Elm or simply views the inbox...
exiv2 IPTC library DoS
sscanf is used for data which is not NULL-terminated...
elm -- remote buffer overflow in Expires header
Ulf Harnhammar has discovered a remotely exploitable buffer overflow in Elm e-mail client when parsing the Expires header of an e-mail message: The attacker only needs to send the victim an e-mail message. When the victim with that message in his or her inbox starts Elm or simply views the inbox ...
Mah-Jong 1.4 - Client/Server Remote sscanf() Buffer Overflow
// source: https://www.securityfocus.com/bid/8557/info A remote buffer overflow vulnerability when calling the sscanf function has been reported to affect the mah-jong game client and server programs. The issue occurs within separate source files, however the code used by both programs is...
man-db[] multiple(4) vulnerabilities.
part 1: addtodirlist buffer overflow. man-db contains a buffer overflow vulnerability due to the lack of bounds checking in multiple sscanf calls, which format the user supplied file /.manpath. here is the function (src/manp.c): static void addtodirlist(FILE *config, int user) { char *bp; char buf[BUFSIZ];...
GV 2.x/3.x - '.PDF'/'.PS' File Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/5808/info gv is a freely available, open source Portable Document Format PDF and PostScript PS viewing utility. It is available for Unix and Linux operating systems. It has been reported that an insecure sscanf function exists in gv. Due to this...
snplog.bof.txt
Date: Tue, 16 Feb 1999 00:42:49 +0000 From: Rupert Weber-Henschel To: [email protected] Subject: snplog-1.0 buffer overflow There is a possible buffer overflow in snplog-1.0. Or is it 0.1? The tar file is 0.1, the docs say 1.0. % snplog contains tcplogd, icmplogd, udplogd The offending code is...