
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

The host is installed with Ghostscript 9.21 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to crash the service.

The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to crash the service.

The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to crash the service.

The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to crash the service.

The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to crash the service.

The host is installed with MariaDB before 10.1.30 or 10.2.x before 10.2.10 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to properly handle the sql/event_data_objects.cc component. Successful exploitation allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statem ...

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.

The host is installed with Oracle WebLogic through 12.2.1.2 or 12.2.1.3 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an issue in the jackson-databind component. Successful exploitation allows an unauthenticated attacker to execute remote code.



© SecPod Technologies