The host is installed with Oracle WebLogic Server component in Oracle WebLogic Server 10.3.6.0, 12.1.3.0 or 12.2.1.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle issues related to Web Services. Successful exploitation can cause unspecified impact.

The host is installed with HP Linux Imaging and Printing 3.11.5 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted *FoomaticRIPCommandLine field in a .ppd file. Successful exploitation could allow remote attackers to execute arbitrary code.

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite.

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesyst ...

unsafe traversal of symlinks

GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name function in cobc/tree.c via crafted COBOL source code.

The host is installed with Splunk 4.3.0 through 4.3.5 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a maliciously crafted link. Successful exploitation allows attackers to inject arbitrary web script or HTML via unspecified vectors.

scripts/inspect_webbrowser.py in Reddit Terminal Viewer 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.



© SecPod Technologies