[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15145 Download | Alert*

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, result ing in denial of service.

The parse_dict_node function in bplist.c in libplist++-dev allows attackers to cause a denial of service via a crafted file.

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makesit easier for remote attackers to bypass intended access restrictions via a crafted site signup or user signup.

The gst_asf_demux_process_ext_stream_props function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3allows remote attackers to cause a denial of service via vectors related to the number of languages in a video file.

The plist_free_data function in plist.c in libplist++-dev allows attackers to cause a denial of service via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.

Cross-site scripting vulnerability inwp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary webscript or HTML via a crafted excerpt.

Cross-site scripting vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related towp-admin/includes/class-theme-installer-skin.php.

The main function in plistutil.c in libimobiledevice libplist++-dev through 1.12allows attackers to obtain sensitive information from process memory or cause a denial of service via Apple Property List data that is too short.

plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 through 1.15.2 mishandles Distinguished Name fields, which allows remote attackers to execute arbitrary code or cause a denial of service in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos ...


Pages:      Start    613    614    615    616    617    618    619    620    621    622    623    624    625    626    ..   1514

© SecPod Technologies