[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 26348 Download | Alert*

The host is installed with Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle vectors related to the ANSI MAP, ASF, IEEE 802.11, IEEE 802.3 and LTP dissectors. Successful exploitation allows remote attackers to cause a denial of service (infinite loop).

The host is installed with PHP before 5.3.15 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle the SQLite functionality. Successful exploitation allows attackers to bypass the open_basedir protection mechanism via unspecified vectors.

The host is installed with PHP before 5.3.15 or 5.4.0 before 5.4.5 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle the _php_stream_scandir function in the stream implementation. Successful exploitation has unknown impact and remote attack vectors, related to an "overflow."

The host is installed with PHP before 5.3.14 or 5.4.x before 5.4.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted parameter value. Successful exploitation allows remote attackers to cause a denial of service (out-of-bounds read and application crash).

The host is installed with Wireshark 1.4.x before 1.4.15 or 1.6.x before 1.6.10 or 1.8.x before 1.8.2 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to handle the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector. Successful exploitation allows remote attackers to cause a denial of service (loop or application crash).

The host is installed with Wireshark 1.4.x before 1.4.15 or 1.6.x before 1.6.10 or 1.8.x before 1.8.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle the dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector. Successful exploitation allows remote attackers to cause a denial of service (application crash).

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulner ...

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.


Pages:      Start    1156    1157    1158    1159    1160    1161    1162    1163    1164    1165    1166    1167    1168    1169    ..   2634

© SecPod Technologies