let b:asmsyntax = substitute(head,
'.*\sasmsyntax=\([a-zA-Z0-9]\+\)\s.*','\1', "")
This would work if substitute() were a matching function -- returning a
matching string, or an empty string if the pattern failed to match. But
substitute() always returns its first argument -- substituting the
matching string (if any). If the pattern fails to match, substitute()
returns its first argument as-is:
| pattern matches | no match
Problem Description:
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and
earlier allows remote attackers to cause a denial of service (crash)
via a crafted PRIVMSG that causes an empty string to trigger a negative
string length copy. NOTE: this issue exists because of an incorrect
fix for CVE-2007-2807 (CVE-2009-1789).
_______________________________________________________________________
References:
Details
----------
The legacy file manager (lfm) is more vulnerable than the standard one. In the legacy file manager, attacker code can be executed merely by viewing the list of files. In the standard file manager, the file list is properly escaped, but an attacker can still inject script when the victim clicks any of these tasks on a file with a malicious name: delete, copy, move, rename, edit, change permissions, extract, compress.
To make the browser load and execute an external script, the attacker cannot use a <script> tag directly, because the slash character is forbidden in file names. To overcome that restriction, the attacker can inject script via an <img> tag's onError attribute, setting the src attribute to an empty string so that the error event is always triggered. The script injected via the <img> tag generates a <script> tag that executes the external script using the document.write() function.
PoC exploit
-----------------
malicious file name:
Update:
1, 'admin', '9a58f70e7ded1bcb568b02815a1c4a56', 'Mozilla/5.0 (Windows;
U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko)
Chrome/3.0.195.27 Safari/532.0', '192.168.0.26'
When the administrator logs out, these values are cleared, so sessId and
the other fields become empty (an empty string).
> SELECT adminId, username, sessId, browser, sessIp FROM
CubeCart_admin_users C;
1, 'admin', '', '', ''
Let's analyze the code:
Description
===========
Steffen Joeris reported that Blender's BPY_interface calls
PySys_SetArgv() in such a way that Python prepends sys.path with an
empty string.
Impact
======
A local attacker could entice a user to run "blender" from a directory
This lets an attacker set demoSession=1 to bypass authorization and
freely access any part of the application. Setting the variable to one
bypasses the first check ($demoSession != true) but the second boolean
expression ($demoSession == 'true') evaluates to false thereby not
initializing the action variable to an empty string.
// check session validity, except for demo user
if (($checkSession == true) && ($demoSession != true)) {
// a client user trying to get outside of the "client project site"
if (($profilSession == 3) && (!strstr($_SERVER['PHP_SELF'],
Versions Affected:
tc Server Runtime 6.0.19.A, 6.0.20.A, 6.0.20.B, 6.0.20.C, 6.0.25.A
Description:
A problem has been identified in the com.springsource.tcserver.serviceability.rmi.JmxSocketListener. If the listener is configured to use an encrypted password (i.e. the password is prefaced with s2enc://), then entering either the correct password or an empty string will allow authenticated access to the JMX interface. The JMX interface is not remotely accessible by default but may be configured for remote access by setting the address attribute.
Mitigation:
All users are recommended to immediately switch to non-encrypted passwords for the JMX interface or to disable the JMX interface.
Users wishing to continue to use the JMX interface with encrypted passwords should upgrade the tc Server Runtime to 6.0.20.D or 6.0.25.A-SR01 (included in tc Server 2.0.0.SR01) available from the SpringSource support portal (for customers with support contracts) or the SpringSource download centre.
Two vulnerabilities have been discovered in KVM, a solution for full
virtualization on x86 hardware:
CVE-2011-0011
Setting the VNC password to an empty string silently disabled
all authentication.
CVE-2011-1750
The virtio-blk driver performed insufficient validation of