stack trace
0x81a55e2
0x81a58b7
0x81a6487
0xb7e2a33a
0xb7c4b5ce
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://dev.mysql.com/doc/mysql/en/using-stack-trace.html
and follow instructions on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do
resolve it
Trying to get some variables.
ST7 empty 1041416.9375000000000
3 2 1 0 E S P U O Z D I
FST 4220 Cond 1 0 1 0 Err 0 0 1 0 0 0 0 0 (EQ)
FCW 007F Prec NEAR,24 Mask 1 1 1 1 1 1
Stack Trace:
Call stack of main thread
Address Stack Procedure / arguments Called from
Frame
0012DFC4 68175563 DIRAPI.681747A0 DIRAPI.6817555E
0012DFE4 6817003B DIRAPI.68175290 DIRAPI.68170036
. 2010-06-16:
Vendor acknowledges notification and says that the product team will
look into the issue.
. 2010-06-17:
Vendor asks for a stacktrace and crash dump file to confirm that
they're reproducing the same issue.
. 2010-06-15:
Core sends stacktrace and crash dump and asks to confirm that the bug
could be reproduced with the PoC sent earlier.
and dynamic content on digital displays.
A vulnerability exists in all Cisco DMM versions earlier than 5.2 that
could allow authenticated but unauthorized users to view Cisco Digital
Media Player user credentials and LDAP credentials (if configured) in
error log messages and stack traces.
This vulnerability is documented in Cisco Bug ID CSCtc46050 and has
been assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2010-0572.
eip=2a2c277a esp=0013d0f4 ebp=0013d0fc iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206
Stack Trace:
<Unloaded_ion.dll>+0x2a2c2779
mshtmled!ReleaseInterface+0x12
mshtmled!CHtmlDlgHelper::~CHtmlDlgHelper+0x10
mshtmled!ATL::CComAggObject<CHtmlDlgHelper>::`scalar deleting
destructor'+0xd
7c90e473 33c9 xor ecx,ecx
7c90e475 33d2 xor edx,edx
7c90e477 cd2b int 2Bh
7c90e479 cc int 3
The Stack Trace:
ntdll!KiUserCallbackDispatcher+0x0
USER32!NtUserMessageCall+0xc
USER32!SendMessageA+0x7f
Plugin!NP_Shutdown+0x41f4
Result:
Fatal error: Uncaught exception 'Exception' with message 'No like class available
for forums - /../../test' in C:\apache_www\ipb330\admin\sources\classes\like\composite.php:333
Stack trace: #0 C:\apache_www\ipb330\admin\applications\core\modules_public\global\like.php(131):
classes_like::bootstrap('forums', '/../../test')
#1 C:\apache_www\ipb330\admin\applications\core\modules_public\global\like.php(44):
public_core_global_like->_unsubscribe()
#2 C:\apache_www\ipb330\admin\sources\base\ipsController.php(306):
public_core_global_like->doExecute(Object(ipsRegistry)) #3
sanitization was not done on the catids parameter on the advanced search
page, it is possible for an attacker to run limited SQL commands on the
server.
Furthermore, when exploited with invalid SQL, it provides the full
stacktrace. This gives the attacker the exact version of Kunena, PHP,
and MySQL along with path to kunena.search.class.php. This path often
starts with /home/username which discloses the username, which can then
be used to launch further attacks. This cannot be disabled in the
1.5.x branch; in the 1.6.x branch it can be disabled via "display_errors = off".
Full Path Disclosure via "page", "form", etc. Parameters:
WCF based applications use a factory pattern to load and instantiate the class
appropriate for the current page based on user input. If the user submits data
not resolving to a valid class, the exception handler adds the whole stacktrace
- including the full path - into an HTML comment.
XSS via "page", "form", etc. Parameters:
The aforementioned trace includes the user submitted parameter as function
8.3 A Reflected Cross Site Scripting vulnerability was found in the
"start" variable within the 'Show Portal Page' section.
During page rendering, if a FreeMarker TemplateException is thrown
then the stack trace is printed directly into the response and the
exception messages may contain un-sanitized user input which can expose
a Reflected Cross-Site Scripting vulnerability.
For any page rendered via a FreeMarker template that contains:
${screens.render(screenLocation, screenName)}
- Safari crashes in method CFCharacterSetInitInlineBuffer because the
first passed pointer argument (stored in ecx) was not sanitized.
Hence, on dereferencing a null pointer, Safari will crash.
Excerpt from stack trace:
CoreFoundation!CFCharacterSetInitInlineBuffer+0x357
CoreFoundation!CFURLCopyFileSystemPath+0xf3
CoreFoundation!CFURLGetWideFileSystemRepresentation+0x23
CFNetwork!CFHTTPMessageSendRequest+0x6e4
CFNetwork!CFHTTPMessageSendRequest+0x96e
EDI 00000000
EIP 77C47C7E msvcrt.77C47C7E
C 0 ES 0023 32bit 0(FFFFFFFF)
Attaching image for above stack trace and PoC script.
#############START PYTHON########################
import sys
import string
~~~~~~~~~~~~~~~
This bug is a typical result of what we call unclamped loop. An "attacker"
will give the Radius value of the Circle attribute a very big value. That
is leetness.
Stack trace :
ntkrnlpa.exe+0x6e9ab
ntkrnlpa.exe!MmIsDriverVerifying+0xbb0
hal.dll+0x2ef2
xul.dll!NS_InvokeByIndex_P+0x30c36
xul.dll!NS_InvokeByIndex_P+0x30e8a
%0D%0A>alert('0a29');</script%0D%0A>
http://site/nnm/protected/traceroute.jsp?nodename=</title><script
%0D%0A>alert('0a29');</script%0D%0A>
When the filter detects javascript contained in GET request arguments,
the server responds with an error 500 and a stack trace, which starts
with:
javax.servlet.ServletException: Detected JavaScript tag in
QueryString: "nodename=%3C/title%3E%3CSCRIPT%3E"; decoded:
"nodename=</title><script>"
~~~~~~~~~~~~~~~~~~~~~~~~~
DD/MM/YYYY
14/12/2008 : Created bugzilla entry (security) with (the wrong) proof of concept
file.
14/12/2008 : Attached the correct POC file (mea culpa) and a stack trace and details
of memory corruption that repeatedly occurred during testing the POC
24/12/2008 : dveditz@mozilla.com comments : "I can definitely confirm the denial
of service aspect, and there's a very minor memory leak (after 9
hours of CPU time memory use went from 60MB to 360MB). Haven't been
Vendor: Eclipse
Advisory: http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss/
Author: Michele "euronymous" Orr (euronymous AT antisnatchor DOT com)
Quite a common problem in a lot of Java based applications: reflected
XSS in Java stack trace.
A Reflected XSS is present in the _report parameter: here below the modified
request (that is the BIRT 2.2.1 version included in Konakart 2.2.6)
GET
SQL Query:
SELECT `id`, `album_theme` FROM `zp_albums` WHERE `folder` LIKE
"1ACUSTART'"*" OR `folder` LIKE "1ACUSTART'"*/
ACUEND"
Stack trace:
1. query([string] "SELECT `id`, `album_theme` FROM `zp_albums` WHERE
`folder` LIKE "1ACUSTART'"*" OR `folder` LIKE "1ACUSTART'"*/\n
ACUEND"", [boolean] false)
2. query_full_array([string] "SELECT `id`, `album_theme` FROM
`zp_albums` WHERE `folder` LIKE "1ACUSTART'"*" OR `folder` LIKE
and will skip its "step 1" challenge.
Each Cyrus SASL authentication method has a different context data
structure layout. Because of these differences, the bits from the
CRAM-MD5 method's context data structure will not work as intended
with the DIGEST-MD5 method. As shown in the stack trace below, the
Postfix SMTP server process crashes in "step 2" of the DIGEST-MD5
authentication protocol. This happens while attempting to read from
a pointer that contains an invalid address.
In this particular example, the Postfix SMTP server crashes while
Appendix B – Stack trace of the error
STACK_TEXT:
00000000`7701d1cd ntdll! ?? ::FNODOBFM::`string'+0x123b4
000007fe`fd171512 KERNELBASE!LocalFree+0x2e
000007fe`fe1fedb7 RPCRT4!Ndr64ConformantArrayFree+0x1e7
desc'
-----------------------------26418279386900
...
Due to the unsafe inclusion of user provided content into the dynamically built SQL statement, the system returns an error including details on the database engine used, error type, middleware settings, and SQL error stack trace. Such information allowed devising further SQL Injection test cases.
Affected Versions
Message Center II service of Google Message Security SaaS build 6_24 (January 2010).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CVE-2009-2897: Reflected XSS in stack trace
Severity: Moderate
Vendor: SpringSource
Versions Affected: Hyperic HQ 3.2, 4.0, 4.1, 4.2-beta1. Earlier,