130 matches found
SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)
glibc has been updated to fix security issues and bugs : - Fix crashes on invalid input in IBM gconv modules. CVE-2014-6040 / CVE-2012-6656, bsc894553, bsc894556, GLIBC BZ 17325, GLIBC BZ 14134 - Avoid infinite loop in nssdns getnetbyname. CVE-2014-9402 - Don't touch user-controlled stdio locks i...
FreeBSD Security Advisory FreeBSD-SA-14:27.stdio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:27.stdio Security Advisory The FreeBSD Project Topic: Buffer overflow in stdio Category: core Module: libc Announced: 2014-12-10 Credits: Adrian Chadd and...
FreeBSD -- Buffer overflow in stdio
Problem Description: A programming error in the standard I/O library's sflush function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write2 system call returns an error. Impact: The accounting mismatch would accumulate, if the...
Xorg 1.4 to 1.11.2 File Permission Change PoC
No description provided by source. / xchmod.c -- Xorg file permission change vulnerability PoC Author: vladz http://vladz.devzero.fr Date: 2011/12/15 Software: www.x.org Version: Xorg 1.4 to 1.11.2 in all configurations. Xorg 1.3 and earlier if built with the USECHMOD preprocessor identifier Test...
CVE-2014-1876
The unpacker::redirectstdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...
CVE-2012-3404
CVE-2012-3404 affects the GNU C Library (glibc) in the vfprintf path (stdio-common/vfprintf.c). The issue is a miscalculation of buffer length that can bypass Fortify_SOURCE format-string protections when using positional parameters with many specifiers, enabling context-dependent DoS via a craft...
Unfixed XSS vulnerability at www.generalasp.com
Security researcher stdio, has submitted on 04/05/2008 a cross-site-scripting XSS vulnerability affecting www.generalasp.com, which at the time of submission ranked 100243 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/06/2008. It is...
Multiple OS kernel insecure handling of stdio file descriptor
XFOCUS team http://www.xfocus.org/ had discovered Multiple OS kernel insecure handling of stdio file descriptor. =================== Affected OS Version AIX 5.3 Solaris 9 HPUX B11.11 maybe other version,we did not tested =========== Description The affected OSes allows local users to write to or...
Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version
No description provided by source. / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into li...
Security Advisory FreeBSD-SA-02:23.stdio
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure handling of stdio file descriptors Category: core Module: kernel Announced: 2002-04-22 Credits: Joost Pol...