Matches: 15249

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.

libopenafs-dev 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c via an unexpected bits-per-pixel value for an RGBA image.

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, libaubio-dev 0.4.6, and other products, allows remote attackers to cause a denial of service via a crafted audio file.

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.

In python-yaml before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used.

Open Ticket Request System 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.



© SecPod Technologies