[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15151 Download | Alert*

The host is installed with HP Linux Imaging and Printing 3.11.5 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted *FoomaticRIPCommandLine field in a .ppd file. Successful exploitation could allow remote attackers to execute arbitrary code.

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesyst ...

unsafe traversal of symlinks

GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name function in cobc/tree.c via crafted COBOL source code.

The host is installed with Splunk 4.3.0 through 4.3.5 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle maliciously crafted link. Successful exploitation allows attackers to inject arbitrary web script or HTML via unspecified vectors.

scripts/inspect_webbrowser.py in Reddit Terminal Viewer 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application"s unrestricted use of the render method and providing a .. in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.


Pages:      Start    1488    1489    1490    1491    1492    1493    1494    1495    1496    1497    1498    1499    1500    1501    ..   1515

© SecPod Technologies