The method of using PCRE regular-Expression Vulnerability CVE-2015-0318 in Flash0x00 Preface
Issue 199/PSIRT-3161/CVE-2015-0318
Brief Introduction: The PCRE Regular Expression parsing engine used by Flash
Note: Obviously, this engine has a vulnerability. You can see the vulnerability information on the above issue page.
0x01 background
/* For \c, a following letter is upper-cased; then the 0x40 bit is flip
PHP DoS Vulnerability (CVE-2014-3669)
Release date:Updated on:
Affected Systems:PHPDescription:Bugtraq id: 70611CVE (CAN) ID: CVE-2014-3669
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
PHP versions earlier than 5.5.18 have a denial of service vulnerability. Attackers can exploit this vulnerability to cause the affected applications
OpenVPN DoS Vulnerabilities (CVE-2014-8104)
Release date: 2014-12-01Updated on: 2014-6 6
Affected Systems:OpenVPN OpenVPN Access Server Description:Bugtraq id: 71402CVE (CAN) ID: CVE-2014-8104
OpenVPN is an open-source ssl vpn toolkit.
In versions earlier than OpenVPN 2.3.6 and earlier than OpenVPN Access Server 2.0.11, an error occurred while parsing control channel data packets. Attackers can exploit
Wireshark RTP parser DoS Vulnerability (CVE-2014-6421)
Release date:Updated on:
Affected Systems:Wireshark 1.12.0Description:Bugtraq id: 69855CVE (CAN) ID: CVE-2014-6421
Wireshark is the most popular network protocol parser.
Wireshark 1.12.0 has a denial of service vulnerability. Attackers can exploit this vulnerability to crash affected applications.
*>
Suggestion:Vendor patch:
Wireshark---------The
Google Chrome information leakage (CVE-2014-3173)
Release date:Updated on:
Affected Systems:Google Chrome Description:--------------------------------------------------------------------------------Bugtraq id: 69403CVE (CAN) ID: CVE-2014-3173Google Chrome is a Web browser tool developed by Google.Before Chrome 37.0.2062.94, The WebGL implementation has the uninitialized memory read vulnerability. Attacker
Google Chrome Heap Buffer Overflow Vulnerability (CVE-2014-3157)
Release date:Updated on:
Affected Systems:Google Chrome Description:--------------------------------------------------------------------------------Bugtraq id: 67972CVE (CAN) ID: CVE-2014-3157Google Chrome is a Web browser tool developed by Google.In versions earlier than Chrome 35.0.1916.153, The FFmpegVideoDecoder: GetVideoBuffer function in
Apache Hive Security Restriction Bypass Vulnerability (CVE-2014-0228)
Release date:Updated on:
Affected Systems:Apache Group HiveDescription:--------------------------------------------------------------------------------Bugtraq id: 68039CVE (CAN) ID: CVE-2014-0228Apache Hive is a database software that facilitates query and management of large datasets on distributed storage devices.Apache Hive 0.6.2 and
OpenSSL NULL pointer indirect reference Local Denial of Service Vulnerability (CVE-2014-5139)
Release date:Updated on:
Affected Systems:OpenSSL Project OpenSSL Description:--------------------------------------------------------------------------------Bugtraq id: 69077CVE (CAN) ID: CVE-2014-5139OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. I
Wireshark ASN.1 BER parser DoS Vulnerability (CVE-2014-5165)
Release date:Updated on:
Affected Systems:Wireshark Description:--------------------------------------------------------------------------------Bugtraq id: 69000CVE (CAN) ID: CVE-2014-5165Wireshark is the most popular network protocol parser.In the ASN.1 BER parser of Wireshark 1.10.0-1.10.8, The dissect_ber_constrained_bitstring function in the e
Apache Struts 2 Remote Code Execution Vulnerability Analysis (CVE-2016-0785)
Apache Struts 2 is one of the world's most popular Java Web Server frameworks. Unfortunately, a security researcher found a remote code execution vulnerability on Struts 2. At present, Apache has released an announcement that the risk level of this vulnerability is high.Encyclopedia of the red/Black Alliance: Struts 2Struts 2 is the next-generation product of Struts. It is a
Tags: method Oracle database Use lang query sys serve problem extraIn this article, we will work together to analyze the Oracle database's XXE Injection Vulnerability (cve-2014-6577), which was released by Oracle on January 20 with patches for this vulnerability. For XXE related knowledge, you can check the security pulse station in another article, "Unknown attack to know how to prevent--xxe loopholes defense." Vulnerability Description The XML parse
GNU Bash incomplete fix Remote Code Execution Vulnerability (CVE-2014-6278)
Release date:Updated on:
Affected Systems:GNU Bash Description:Bugtraq id: 70166CVE (CAN) ID: CVE-2014-6278
Bash, a Unix shell, was written by Brian fox for the GNU program in 1987.
The GNU Bash 4.3 bash43-026 and earlier versions do not properly parse function definitions in environment variable values, which allows remote attacker
cve-2017-12617 Severe Remote Code Execution (RCE) vulnerability found in Apache Tomcat
Affects systems with HTTP put enabled (by setting the default servlet read-only initialization parameter to false). If the default servlet parameter is read-only set to False, or the default servlet is configured, The Tomcat version before 9.0.1 (Beta), 8.5.23,8.0.47, and 7.0.82 contains potentially dangerous remote code execution on all operating systems (RCE) The
Release date:Updated on:
Affected Systems:PostgreSQL 8.xDescription:--------------------------------------------------------------------------------Bugtraq id: 65721CVE (CAN) ID: CVE-2014-0067
PostgreSQL is an advanced object-relational database management system that supports extended SQL standard subsets.
When PostgreSQL versions earlier than 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20 run the "make check" regression test in the constructor tree, th
Release date:Updated on:
Affected Systems:PostgreSQL 9.3.xPostgreSQL 9.2.xPostgreSQL 9.1.xPostgreSQL 9.0.xDescription:--------------------------------------------------------------------------------Bugtraq id: 66557CVE (CAN) ID: CVE-2014-2669PostgreSQL is an advanced object-relational database management system that supports extended SQL standard subsets.PostgreSQL 9.0.16, 9.1.12, 9.2.7, and 9.3.3 have multiple integer overflow vulnerabilities in cont
Release date:Updated on:
Affected Systems:Apache Group Tomcat 8.0.0-RC1-8.0.3Apache Group Tomcat 7.0.0-7.0.52Apache Group Tomcat 6.0.0-6.0.39Description:--------------------------------------------------------------------------------Bugtraq id: 67671CVE (CAN) ID: CVE-2014-0075Apache Tomcat is a popular open-source JSP application server program.Apache Tomcat 8.0.0-RC1-8.0.3, 7.0.0-7.0.52, 6.0.0-6.0.39 versions have security vulnerabilities on malforme
Play bad vulnerability: Let the CVE-2014-4113 overflow Win8
1. Introduction
In October 14, 2014, Crowdstrike and FireEye published an article describing a new Windows Elevation of Privilege Vulnerability.Articles about CrowdstrikeMing: This new vulnerability was discovered by hurricane panda, a highly advanced attack team. Before that, it had been at least five months before the vulnerability was exploited by HURRICANE pandatv.
After Microsoft release
Release date:Updated on:
Affected Systems:Apache Group Camel Apache Group Camel Description:--------------------------------------------------------------------------------CVE (CAN) ID: CVE-2014-0002
Apache Camel is an open-source integration framework based on a known enterprise-level integration model.
The XSLT components of Apache Camel 2.11.0-2.11.3 and Apache Camel 2.12.0-2.12.2 use xslt routines to pa
Process and conclusion of CVE-2014-4423 Analysis
Introduction
Some time ago, "steamed rice" published an article on its blog "phishing attack (stealing the App Store password) on a non-jailbreaking iPhone 6 (iOS 8.1.3 )", try to reproduce the entire process after seeing the article. Since "steamed rice" clearly describes the entire process, combined with Apple's related documents, it quickly realizes background running, round robin check App running,
Unbound Security Restriction Bypass Vulnerability (CVE-2017-15105)Unbound Security Restriction Bypass Vulnerability (CVE-2017-15105)
Release date:Updated on:Affected Systems:
Unbound
Description:
Bugtraq id: 102817CVE (CAN) ID: CVE-2017-15105Unbound is a recursive and cached DNS parser.Unbound 1.6.8 and earlier versions have security vulnerabilities in the
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.