[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 31248 Download | Alert*

The host is installed with cygwin before 2.5.0 and is prone to a privileges escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to gain privileges.

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

The host is installed with Ghostscript 9.21 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted document . Successful exploitation could allow attackers to crash the service.

The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to crash the service.

The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to crash the service.

The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to crash the service.

The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to crash the service.

The host is installed with MariaDB before 10.1.30 or 10.2.x before 10.2.10 and is prone to an authentication bypass vulnerability. A flaw is present in the application which fails to properly handle sql/event_data_objects.cc component. Successful exploitation allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statem ...

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.


Pages:      Start    1792    1793    1794    1795    1796    1797    1798    1799    1800    1801    1802    1803    1804    1805    ..   3124

© SecPod Technologies