getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Modelines allow arbitrary code execution by opening a specially crafted text file
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables.
Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table.
It is possible to bypass the limits on IP range blocks by using the API.
Exposed suppressed username or log in Special:EditTags.
Exposed suppressed log in RevisionDelete page.
Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover.
A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them.