
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.

The host is installed with Oracle WebLogic through 12.2.1.2 or 12.2.1.3 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an issue in the jackson-databind component. Successful exploitation allows an unauthenticated attacker to execute code remotely.

The host is installed with OpenSSL 1.1.0 through 1.1.0g and is prone to a privilege escalation vulnerability. A flaw is present in the PA-RISC CRYPTO_memcmp function, which has an implementation bug. Successful exploitation could allow attackers to forge messages that would be considered as authenticated.

The host is installed with Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2 or 12.2.1.3 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an issue in the Spring Framework component. Successful exploitation allows an unauthenticated attacker to execute code remotely.

The host is installed with Oracle WebLogic Server component in Oracle WebLogic Server through 12.2.1.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle Centralized Thirdparty Jars (Google Guava). Successful exploitation can cause unspecified impact.

The host is installed with PostgreSQL 10.x before 10.4 or 9.6.x before 9.6.9 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle an issue in the pg_catalog.pg_logfile_rotate() function. Successful exploitation allows attackers to force log rotation.

The host is installed with Artifex Ghostscript through 9.25 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted PostScript document. Successful exploitation could allow attackers to execute arbitrary code.

The host is installed with Apache CouchDB versions less than 2.3.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows remote attackers to access the underlying operating system as the CouchDB user.

The host is installed with Artifex Ghostscript through 9.25 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted PDF file. Successful exploitation could allow attackers to trigger an extremely long running computation when parsing the file.

The host is installed with Google Chrome before 69.0.3497.81 and is prone to a use-after-free vulnerability. A flaw is present in the application which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.



© SecPod Technologies