CVE-2020-36317

In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sa...

CVE-2020-36317

In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sa...

glibc security update

2.28-72.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

Multiple Point-by-Point Vulnerabilities in UltraVNC

UltraVNC is an open source remote terminal control software for the Windows platform. A security vulnerability exists in the VNC client code in UltraVNC version 1206, which stems from the program incorrectly using the 'ClientConnection::ReadString' function. An attacker could exploit the...

PT-2019-1631 · Pallets +3 · Jinja2 +3

Name of the Vulnerable Software and Affected Versions: Jinja2 version 2.10 Description: An issue was discovered in the from string function of Jinja2, which is prone to Server Side Template Injection SSTI. The function takes the source parameter as a template object, renders it, and then returns...

Event Manager Admin panel - events_new.php SQL injection

Event Manager Admin panel - eventsnew.php SQL injection Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...

CVE-2018-1000101

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...

liblouis: Buffer overflow in the function _lou_showString()

There is a buffer overflow in Liblouis 3.2.0, triggered in the function loushowString in utils.c, that will lead to a remote denial of service attack...

ncurses denial of service vulnerability (CNVD-2017-25655)

ncurses new curses is a library of programs that provides APIs that allow programmers to write text-based user interfaces that are independent of the terminal. A denial of service vulnerability exists in the ncsavestr function in allocentry.c in Ncurses, which can be exploited by a remote attacke...

DEBIAN-CVE-2017-13743

There is a buffer overflow in Liblouis 3.2.0, triggered in the function loushowString in utils.c, that will lead to a remote denial of service attack...

Ruby: Heap corruption in string.c tr_trans() due to undersized buffer

originally send by e-mail on 6 Jun 2016 Configure with ASAN AddressSanitizer: mkdir install; CFLAGS="-fsanitize=address" ./configure --disable-install-doc --disable-install-rdoc --disable-install-capi -prefix=realpath ./install && make -j4 && make install Then execute: $ ./ruby -e...

UBUNTU-CVE-2016-4540

The graphemestripos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...

CVE-2012-4424

Stack-based buffer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function...

Heap overflow

Heap-based buffer overflow in the rbstrjustify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving 1 Stringljust, 2 Stringcenter, or 3 Stringrjust. NOTE: some of these details are obtained from third...

python: PyString_FromStringAndSize does not check for negative size values

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyStringFromStringAndSize function, which allocates less memory than expected when assert is disabled and triggers a buffer overflow...

revokebbrc11-sql.txt

!/usr/bin/python """ ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / ================================================================================================= This is a public Exploit...

MySQL subselect DoS

NULL pointer dereference if string function is applied to select with "order by" result...

CVE-2006-3806

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving 1 long strings in the toSource method of the Object, Array, and String objects...

security flaw

The parsestr function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the registerglobals directive via inputs that cause a request to be terminated due to the memorylimit setting, which causes PHP to set an internal flag that...