An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating the domain parameter of the samba URL.

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere by passing directory traversal sequences such as a home/../usr substring.

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

ephy-session.c in libephymain.so in GNOME Web through 3.28.2.1 allows remote attackers to cause a denial of service via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

libephymain.so in GNOME Web through 3.28.2.1 allows remote attackers to cause a denial of service via certain window.open and document.write calls.

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.


© SecPod Technologies