CVE-2014-2528

kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' single quote character in the directory name, a different vulnerability than CVE-2014-2527...

FreeBSD : serf -- SSL Certificate Null Byte Poisoning (69048656-2187-11e4-802c-20cf30e32f6d)

serf Development list reports : Serf provides APIs to retrieve information about a certificate. These APIs return the information as NUL terminated strings commonly called C strings. X.509 uses counted length strings which may include a NUL byte. This means that a library user will interpret any...

Code injection

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history, aka Bug ID CSCuj81713...

CVE-2014-3303

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history, aka Bug ID CSCuj81713...

MPG123 0.59 Find Next File Remote Client-Side Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11958/info A remote client-side buffer overflow vulnerability affects mpg123. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static...

Crysis <= 1.1.1.5879 Remote Format String Denial of Service PoC

No description provided by source. The Crysis engine passes along internal debug strings through the game. One of them is passed to vsprintf in the crt lib: 30503263 8D8C24 10100000 LEA ECX,DWORD PTR SS:ESP+1010 3050326A 51 PUSH ECX 3050326B 50 PUSH EAX 3050326C 8D5424 08 LEA EDX,DWORD PTR SS:ESP...

RedStorm Ghost Recon Game Engine Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9738/info The Ghost Recon Game Engine has been reported prone to a denial of service vulnerability. When handling text strings, the Ghost Recon Game Engine employs a 32-bit integer string size prefix in order to monitor t...

VyPRESS Messenger 3.5 - Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11310/info VyPRESS Messenger is affected by a remote buffer overflow vulnerability. This issue is due to a failure of the application to verify the length of user-supplied strings prior to copying them into finite process...

Veritas NetBackup <= 6.0 (bpjava-msvc) Remote Exploit (linux)

No description provided by source. !/usr/bin/perl VERITAS-Linux.pl - VERITAS NetBackup Format Strings Linux/x86 Remote Exploit johnhatdigitalmunitiondotcom bug found by kflistsatdigitalmunitiondotcom http://www.digitalmunition.com/ use POSIX; use IO::Socket; use IO::Select; use strict; print STDE...

Nortel Networks SRG V16 modules.php module Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/30687/info Navboard is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability. An attacker can exploit the local file-include vulnerability using directory-traversal strings to execu...

Veritas NetBackup <= 6.0 (bpjava-msvc) Remote Exploit (OS X)

No description provided by source. !/usr/bin/perl VERITAS-OSX.pl - VERITAS NetBackup Format Strings OSX/ppc Remote Exploit johnhatdigitalmunitiondotcom bug found by kflistsatdigitalmunitiondotcom http://www.digitalmunition.com/ use POSIX; use IO::Socket; use IO::Select; my $shellcode = / OSX...

David Bagley xlock 4.16 User Supplied Format String Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the xlock shipped with a numb...

XLReader 0.9 - Remote Client-Side Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11970/info A remote, client-side buffer overflow vulnerability affects xlreader. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static...

PlutoStatus Locator 1.0pre alpha 'index.php' Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27802/info PlutoStatus Locator is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to...

NSTX 1.0/1.1 - Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9989/info It has been reported that NSTX is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to handle network strings of excessive length. This issue may allow a remote...

SquirrelMail 1.2.x From Email Header HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10450/info SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An...

Forum Rank System 6 - 'settings['locale']' Parameter Multiple Local File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/29077/info Forum Rank System is prone to local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to vie...

Hylafax 4.1.x HFaxD Unspecified Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9005/info Hylafax hfaxd daemon has been reported prone to an unspecified format string vulnerability that may be exploited under non-standard configurations to execute arbitrary instructions remotely as the root user. /...

ImageMagick 6.x PNM Image Decoding Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13351/info A remotely exploitable client-side buffer-overflow vulnerability affects ImageMagick. This issue occurs because the application fails to properly validate the length of user-supplied strings before copying them...

TP-Link Print Server TL PS110U - Sensitive Information Enumeration

No description provided by source. Exploit Title: TP-Link Print Server Sensitive Information Enumeration Exploit Author: SANTHO Vendor Homepage: http://www.tp-link.com Software Link: http://www.tp-link.com/en/products/details/?model=TL-PS110U Version: TL PS110U TP-Link TL PS110U Print Server runs...