[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15166 Download | Alert*

** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting ...

common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

** DISPUTED ** SQL injection vulnerability in the "find_by" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "name" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used.

** DISPUTED ** SQL injection vulnerability in the "reorder" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "name" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

** DISPUTED ** SQL injection vulnerability in the "order" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "id desc" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

** DISPUTED ** SQL injection vulnerability in the "where" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "id" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   1516

© SecPod Technologies