[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253390

 
 

909

 
 

197257

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15192 Download | Alert*

Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document.

http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.

There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.

The base64decode function in base64.c in libimobiledevice libplist++-dev through1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service via split encoded Apple Property List data.

The gst_asf_demux_process_ext_content_desc function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service via vectors involving extended content descriptors.

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Queryin WordPress before 4.7.2 allows remote attackers to execute arbitrary SQLcommands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.

Cross-site request forgery vulnerability in WordPress before 4.7.1allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.

Multiple cross-site scripting vulnerabilities inwp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the name or version header of a plugin.


Pages:      Start    606    607    608    609    610    611    612    613    614    615    616    617    618    619    ..   1519

© SecPod Technologies