[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15134 Download | Alert*

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd-dev 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service . This vulnerability can be triggered in LibreOffice before5.3.7. It may lead to suffering a remote attack against a LibreOffice application.

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before13.13-cert6, insufficient RTCP packet validation could allow read ing stalebuffer contents and when combined with the "nat" and "symmetric_rtp"options allow redirecting where Asterisk sends the next RTCP report.

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

In the pjsip channel driver in Asterisk 13.x before 13.17.1 and14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis-dev 1.3.5allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file.

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugineditor via a crafted plugin name.

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Before version 4.8.2, WordPress mishandled % characters and additionalplaceholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.


Pages:      Start    605    606    607    608    609    610    611    612    613    614    615    616    617    618    ..   1513

© SecPod Technologies