[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15149 Download | Alert*

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow.

acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by "constructor": {"name":"Symbol"}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

The host is installed with Novell File Reporter 1.0.4.2 or earlier and is prone to arbitrary files deletion vulnerability. A flaw is present in the application which is caused due to an error in the NFR Agent (NFRAgent.exe) when handling "OPERATION " and "CMD" commands in the "SRS" tag. Successful exploitation allows remote attacker to delete arbitrary files.

The host is installed with Adobe Reader before 8.1.5 or Adobe Reader 9 before 9.1.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a PDF file that triggers a call to this method with a long string in the second argument. Successful exploitation allow attackers to crash the service or execute arbitrary code.

The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0allows remote attackers to cause a denial of service via a crafted jpeg file.

The backtrack compilation code in the Irregex package before 0.9.6 for Scheme allows remote attackers to cause a denial of service via a crafted regular expression with a repeating pattern.

The glob implementation in the GNU C Library allows remote authenticated users to cause a denial of service via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.


Pages:      Start    1482    1483    1484    1485    1486    1487    1488    1489    1490    1491    1492    1493    1494    1495    ..   1514

© SecPod Technologies