
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.

Integer overflow in X.org libxfixes-dev before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the ics or XML calendar feeds.

lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Multiple XML external entity vulnerabilities in the Dom4JDriver, DomDriver, JDomDriver, JDom2Driver, SjsxpDriver, StandardStaxDriver, and WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

listmp3.c in libming-dev 0.4.7 allows remote attackers to have unspecified impact via a crafted mp3 file, which triggers an invalid left shift.



© SecPod Technologies