Windows FTP Server Format String Vulnerability
Credit:
Author : Peter Winter-Smith
Software:
Packages : Windows FTP Server
Version : 1.6 and below
Vendor : HD Soft/Windows Ftp Server SOFTWARE
Vendor Url : http://srv.nease.net/
Vulnerability:
Bug Type : 'wscanf' Format String Vulnerability
Severity : Moderately/Highly Critical
+ Denial of Service
+ Arbitrary Memory Can Be Read/Written
1. Description of Software
"Are you wondering how to setup a FTP server ?
Companies small to large have their own web sites to distribute info,
products, contact, description of their services, files...
When it comes to fil...
Windows FTP Server Format String Vulnerability #2
Posted on 13 January 2004
From: "Peter Winter-Smith" <peter4020(at)hotmail.com>
Credit:
Author : Peter Winter-Smith
Software:
Packages : Windows FTP Server
Version : 1.6 and below
Vendor : HD Soft/Windows Ftp Server SOFTWARE
Vendor Url : http://srv.nease.net/
Vulnerability:
Bug Type : 'wscanf' Format String Vulnerability
Severity : Moderately/Highly Critical
+ Denial of Service
+ Arbitrary Memory Can Be Read/Written
1. Description of Software
"Are you wondering how to setup a FTP server ? Companies small to large have
their own web site...
What are proper format strings for String.format, Number.format, etc?
Hi guys, I just started using the client side version of the Ajax framework. Everything is working out so far, except that I can't seem to be able to format any strings of numbers the way I want. Whether I use the String.format or Number.format functions, I just keep getting Sys.FormatException errors. What are the proper format strings? I tried the relevant ones that I use in C#, but it just doesn't work. Help would be much appreciated!
I believe D, C, N, and P are the only valid ones for numbers (client side).
Encosia - ASP.NET, AJAX, and more.
Latest article: Using complex ...
iDEFENSE Security Advisory 12.13.04: Adobe Reader 6.0 .ETD File Format String Vulnerability
Adobe Reader 6.0 .ETD File Format String Vulnerability
iDEFENSE Security Advisory 12.13.04
www.idefense.com/application/poi/display?id=163&type=vulnerabilities
December 14, 2004
I. BACKGROUND
Adobe Acrobat Reader is a program for viewing Portable Document Format
(PDF) documents. More information is available at the following site:
http://www.adobe.com/products/acrobat/readermain.html
II. DESCRIPTION
Remote exploitation of a format string vulnerability in version 6.0.2
of Adobe's Reader could allow attackers to execute arbitrary code.
The problem specifically...
How to format a string of percentage format to decimal format ?
orginalValue // value will be 1265.48
percentString // value after applying percentage format will be 126548 %
requiredvalue // value should be 1265.48
I converted the string from orginalValue to percentString; now I need to convert back to requiredvalue.
Is there any way to do this?
regards,
Ananth RM - msarm.com
string percentString = "126548 %";
double value = double.Parse(percentString.Replace("%","").Tri...
Server.HtmlEncode(String.Format
I am trying to prevent HTML from being entered in a web form. I thought I had done so; however, when I tried to test it, I got the error listed below. I didn't think that's how it worked; I thought it just converted any HTML to plain text.
A potentially dangerous Request.Form value was detected from the client (Name1="<td /> _Test_&a...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the ...
Currency format / String.Format
Dim subtotal As String = price * quatity 'price and quatity are Decimal type.
subtotal = String.Format("{0:c}", subtotal)
I want to get the subtotal in currency format, i.e. somedigits.twodigits (e.g. 100000.50); I don't want $ or any such symbol before the digits. I tried the above code but it fails. Why?
Hey if you just want to format to 2 decimal places use {0:n2}
Use the following format:
{0:n2}
Thanks, Ed
Microsoft MVP - ASP/ASP.NET
try out as decima...
Number Format and String Format ?
Suppose I have a number "1", how can I change the number format to "001" ?
How can I convert the number "1" into string format "001" ?
Thx for your help ~
:)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconnumericformatstrings.asp
int x = 1;
Response.Write(x.ToString("000"));
Steven A Smith
AspAlliance.com - The #1 ASP.NET Community
DevAdvice.com - Answers to Questions
If you got your data from a SQL stored procedure, you can do the formatting in your query:
RIGHT('000' + CAST(Col1 AS varchar), 3)
-- Tough People Do Tough Task --
It works ~
Thank you ve...
Vulnerabilities and Security, is AJAX secure ?
Hi All,
Since Microsoft's SmartClient technology did not succeed as expected (because of its complex design and coding), I recently realized that I have no option but to try to improve my projects with AJAX. Although it's understandable to feel fear when using a "new" or "non-mature" technology, I found this document that made me think twice before I update some of my work to avoid users suffering the "POST" pain: http://www.owasp.org/index.php/Testing_for_AJAX_Vulnerabilities
Can somebody provide me some feedback about this text ?, I found it very...
VLC media player: Format string vulnerabilities.
..."A vulnerability has been discovered in VLC media player, allowing
for the remote execution of arbitrary code.
[ ]
Resolution
==========
All VLC media player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6c"...
<http://www.securityfocus.com/archive/1/474965>
Download: <http://www.videolan.org/> or Help | Check for updates
--
js
http://justheadlines.awardspace.com
On Sat, 28 Jul 2007 16:02:58 -0700, john s. smith said:
> ..."A vulnerability has been d...
Security vulnerability found in MS SQL Server 2000
A vulnerability has been found in Microsoft's SQL Server 2000 that would
allow an attacker to remotely execute code in the server. According to
security consultants SEC Consult, the cause of the problem is a bug in the
program's memory management. By calling the extended stored procedure
sp_replwritetovarbin and supplying several uninitialised variables as
parameters, it is possible to trigger a memory write to a controlled
location. The report claims the success of an attack depends on the version
of Windows being used. SEC Consult says it has developed an exploit that h...
Problem on deployment server, Input string was not in a correct format
Hi there!
I have a very strange problem here. On our developer machines, this problem
doesn't appear; everything works fine. But on the deployment server we
always get this exception, no matter what kind of input data we give.
[FormatException: Input string was not in a correct format.]
System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +2752867
System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +102
System.Int16.Parse(String s, NumberStyles style, NumberForm...
what is the difference between string.Format("{0:#.##}", and string.Format("{0:0.00}"
they both seem to do the same thing, what is the difference functionality that # versus 0 ?
string.Format("{0:#.##}", mydecimal);
string.Format("{0:0.00}", mydecimal);
Look here: http://msdn2.microsoft.com/en-us/library/0c899ak8.aspx
Hope it helps
Hi,
As far as I know, they both are different.
0.00 can remain the position all the time. For example, decimal is 0.1 and then it will return to you with 0.10 by 0.00 format.
With #.##, it will cut the unnecessary position in the decimal. For example, decimal is 0.1 and then i...
OpenOffice Neon Client Code Format String Vulnerabilities
Secunia Advisory: SA11364
Release Date: 2004-04-15
Critical: Moderately critical
Impact: System access
Where: From remote
Software: OpenOffice 1.0.x
OpenOffice 1.1.x
CVE reference: CAN-2004-0179
Description:
OpenOffice is affected by some vulnerabilities, which potentially can be
exploited by malicious people to compromise a user's system.
Solution:
Don't connect to untrusted WebDAV servers using OpenOffice.
http://secunia.com/advisories/11364/
--
Donna,
Track or post software updates at
http://www.dozleng.com/updates/index.php?act=calendar
...