guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service via an empty field that should have contained a hostname or IP address.

In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.

p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack.

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file.

base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file.

GNU Debugger 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted wav file.



© SecPod Technologies