
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component with a symbolic link. The threat model incl ...

The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.

The TNEFFillMapi function in lib/ytnef.c in libytnef0 in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted tnef file.

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan. A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr ...

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets token sequence within an SVG element.

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads while handling corrupt STABS enum typestrings in a crafted object file, leading to program crash.

Incorrect interaction of the parse_packet and parse_part_sign_sha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service of a collectd instance via a crafted UDP packet.

A null dereference vulnerability has been found in the MIME handling component of libetpan-dev before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.



© SecPod Technologies