3356 matches found
CVE-2019-13624
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command...
The vulnerability of the built-in software of the “Granite-Navigator-6.18” device lies in the use of uncontrolled format strings, which allows an attacker to trigger a service failure.
The vulnerability of the built-in software of the “Granite-Navigator-6.18” device is related to the use of uncontrolled format strings. Exploiting this vulnerability can allow an attacker to cause a service failure by using a specially crafted command, e.g., canrcv canteseo2%n%n%n%n%n%n%n when...
ALPINE-CVE-2019-13117
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...
DEBIAN-CVE-2019-13117
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...
CVE-2019-7228
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
Format string
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
CVE-2019-7228
Summary: CVE-2019-7228 is a memory corruption/format-string vulnerability in ABB IDAL HTTP server (used by ABB PB610 Panel Builder 600). The server mishandles format strings during authentication; examples show that using the username "%25s%25p%25x%25n" crashes the server and that "%08x.AAAA.%08x...
Format string
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
CVE-2019-7230
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
CVE-2019-7230
The CVE-2019-7230 issue affects ABB IDAL FTP server (PB610 Panel Builder 600) where the IDAL FTP/server mishandles format strings in the username during authentication. The root cause is insecure format-string handling in the username, enabling memory corruption that can crash the server or log ...
May 23, 2019—KB4499184 (Preview of Monthly Rollup)
May 23, 2019—KB4499184 Preview of Monthly Rollup. Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4499149 released May 14, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an issue t...
PT-2019-2567 · Abb · Abb Idal Ftp Server
Name of the Vulnerable Software and Affected Versions: ABB IDAL HTTP server (affected versions not specified). Description: The issue is related to the mishandling of format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%2...
CVE-2019-12146
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized director...
Learning to Rank Strings Output for Speedier Malware Analysis
Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary’s function, design detectio...
CVE-2019-0820
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981...
Information Disclosure
PHP is vulnerable to information disclosure. This is because an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to...
Information Disclosure
Mozilla Thunderbird is vulnerable to information disclosure. Attackers can use crafted CSS in an RSS feed that would leak and reveal local path strings, which may contain the user name...