
Matches: 10145

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Modelines allow arbitrary code execution by opening a specially crafted text file

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables.

Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table.

It is possible to bypass the limits on IP range blocks by using the API.

Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users loading that script.

Exposed suppressed username or log in Special:EditTags.

Exposed suppressed log in RevisionDelete page.

Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover.

A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them.


© SecPod Technologies