[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15124 Download | Alert*

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.

An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected.

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger ...

Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vul ...

marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.

dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service via a debugging information entry using DWARF5 and without a DW_AT_name.

The get_build_id function in opncls.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.

The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker program crash.

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.


Pages:      Start    555    556    557    558    559    560    561    562    563    564    565    566    567    568    ..   1512

© SecPod Technologies