[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251782

 
 

909

 
 

196543

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15174 Download | Alert*

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before13.13-cert6, insufficient RTCP packet validation could allow read ing stalebuffer contents and when combined with the "nat" and "symmetric_rtp"options allow redirecting where Asterisk sends the next RTCP report.

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

In the pjsip channel driver in Asterisk 13.x before 13.17.1 and14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis-dev 1.3.5allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file.

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugineditor via a crafted plugin name.

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Before version 4.8.2, WordPress mishandled % characters and additionalplaceholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a.desktop file"s Name field ends in .pdf but this file"s Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the ...

A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick"s "convert"utility. It"s not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Customapplications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Ima ...


Pages:      Start    599    600    601    602    603    604    605    606    607    608    609    610    611    612    ..   1517

© SecPod Technologies