[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

124222

 
 

909

 
 

106938

 
 

150

 
 
Paid content will be excluded from the download.

Filter
Matches : 2076 Download | Alert*

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.

In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server.

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.

The host is installed with VideoLAN VLC media player through 3.0.7 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle an issue in modules/demux/mkv/util.cpp file. Successful exploitation could allow attackers to execute arbitrary code.

The host is installed with VideoLAN VLC media player through 3.0.7 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle an issue in modules/demux/mkv/util.cpp file. Successful exploitation could allow attackers to execute arbitrary code.

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   207

© SecPod Technologies