[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255861

 
 

909

 
 

199025

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 198140 Download | Alert*

In the pjsip channel driver in Asterisk 13.x before 13.17.1 and14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis-dev 1.3.5allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file.

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugineditor via a crafted plugin name.

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Before version 4.8.2, WordPress mishandled % characters and additionalplaceholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a.desktop file"s Name field ends in .pdf but this file"s Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the ...

A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick"s "convert"utility. It"s not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Customapplications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Ima ...

WordPress 4.8.2 stores cleartext wp_signups.activation_key values , which might make it easier for remote attackers to hijack unactivated useraccounts by leveraging database read access .

The _zip_read_eocd64 function in zip_open.c in libzip-dev before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service via a crafted ZIP archive.


Pages:      Start    7404    7405    7406    7407    7408    7409    7410    7411    7412    7413    7414    7415    7416    7417    ..   19813

© SecPod Technologies