The host is installed with Elasticsearch before 1.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the source parameter to _search. Successful exploitation could allow attackers to execute arbitrary MVEL expressions and Java code.

The host is installed with Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted script. Successful exploitation could allow attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

The host is installed with Elasticsearch 1.4.x before 1.4.5 or 1.5.x before 1.5.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to read arbitrary files.

utils/find-opencv.js in node-opencv prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input, allowing attackers to execute arbitrary commands.

An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow.

acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.


© SecPod Technologies