GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name function in cobc/tree.c via crafted COBOL source code.

The host is installed with Splunk 4.3.0 through 4.3.5 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a maliciously crafted link. Successful exploitation allows attackers to inject arbitrary web script or HTML via unspecified vectors.

scripts/inspect_webbrowser.py in Reddit Terminal Viewer 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.

In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

Cross-site scripting vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

A Persistent XSS vulnerability exists in Kodi through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.



© SecPod Technologies