
797 matches found

OSV
added 2018/03/28 1:29 p.m., 20 views

CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...

7.8 CVSS, 9.2 AI score
Exploits 0, References 9

Debian CVE
added 2018/03/28 1:0 p.m., 29 views

CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...

7.8 CVSS, 6.1 AI score, 0.00074 EPSS
Exploits 0

Cvelist
added 2018/03/28 1:0 p.m., 19 views

CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...

6.8 AI score, 0.00074 EPSS
Exploits 0, References 9

AlpineLinux
added 2018/03/28 1:0 p.m., 34 views

CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...

7.8 CVSS, 7 AI score, 0.00074 EPSS
Exploits 0

CVE
added 2018/03/28 1:0 p.m., 177 views

CVE-2018-1083

CVE-2018-1083 affects zsh: a stack/buffer overflow in the shell’s auto-complete path handling (gen_matches_files in compctl.c) can allow a local, unprivileged user to execute code in their own context, escalating privileges if the user is privileged. Public advisories and vendor notes confirm mul...

7.8 CVSS, 6.7 AI score, 0.00074 EPSS
Exploits 0, References 9, Affected Software 1

RedhatCVE
added 2018/03/26 7:19 p.m., 23 views

CVE-2018-1083

A buffer overflow flaw was found in the zsh shell auto-complete functionality. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the before mentioned path. If the user affect...

7.8 CVSS, 5.8 AI score, 0.00074 EPSS
Exploits 0, References 1

OSV
added 2018/03/26 12:0 a.m., 0 views

UBUNTU-CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...

7.8 CVSS, 7.7 AI score, 0.00074 EPSS
Exploits 0, References 4

UbuntuCve
added 2018/03/26 12:0 a.m., 29 views

CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...

7.8 CVSS, 7.7 AI score, 0.00074 EPSS
Exploits 0, References 3

ArchLinux
added 2018/03/01 12:0 a.m., 53 views

[ASA-201803-2] mkinitcpio-busybox: arbitrary code execution

Arch Linux Security Advisory ASA-201803-2
=========================================

Severity: High
Date    : 2018-03-01
CVE-ID  : CVE-2017-16544
Package : mkinitcpio-busybox
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-514

Summary
=======

The package...

8.8 CVSS, 1.1 AI score, 0.01212 EPSS
Exploits 12, References 5

OSV
added 2017/11/20 3:29 p.m., 2 views

ALPINE-CVE-2017-16544

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

8.8 CVSS, 7.2 AI score, 0.01212 EPSS
Exploits 12, References 1

CVE
added 2017/11/20 3:0 p.m., 391 views

CVE-2017-16544

CVE-2017-16544 affects BusyBox, specifically the add_match function in libbb/lineedit.c, where tab completion can execute an escape sequence in the terminal due to unsanitized filenames (vulnerable through 1.27.2). Multiple connected advisories confirm the issue and describe potential arbitrary c...

8.8 CVSS, 8.4 AI score, 0.01212 EPSS
Exploits 12, References 20, Affected Software 1

AlpineLinux
added 2017/11/20 3:0 p.m., 60 views

CVE-2017-16544

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

8.8 CVSS, 9.3 AI score, 0.01212 EPSS
Exploits 12

Vulnrichment
added 2017/11/20 3:0 p.m., 12 views

CVE-2017-16544

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

9.2 AI score, 0.01212 EPSS
Exploits 12, References 20

Cvelist
added 2017/11/20 3:0 p.m., 36 views

CVE-2017-16544

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

9.1 AI score, 0.01212 EPSS
Exploits 12, References 20

OSV
added 2017/10/24 6:33 p.m., 59 views

GHSA-QQXP-XP9V-VVX6 jquery-ui Tooltip widget vulnerable to XSS

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3 CVSS, 5.9 AI score, 0.07046 EPSS
Exploits 0, References 13

Github Security Blog
added 2017/10/24 6:33 p.m., 100 views

jquery-ui Tooltip widget vulnerable to XSS

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3 CVSS, 5.7 AI score, 0.07046 EPSS
Exploits 0, References 13, Affected Software 4

RubySec
added 2017/10/24 12:0 a.m., 25 views

Moderate severity vulnerability that affects jquery-ui

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3 CVSS, 6.1 AI score, 0.07046 EPSS
Exploits 0, References 1, Affected Software 1

Hacker One
added 2017/09/10 4:20 p.m., 26 views

Legal Robot: Autocomplete feature

A security researcher discovered that several password fields did not contain the Autocomplete attribute. Thanks to @gujjuboy10x00 for pointing this out!...

2.5 AI score
Exploits 0

Veracode
added 2017/07/26 9:22 a.m., 17 views

Bypass Access Restrictions

Moodle is vulnerable to bypassing of access restrictions. The bypass is possible because tag/tagautocomplete.php ignores the moodle/tag:edit capability before adding a tag, allowing any authenticated user to launch an attack through an AJAX request...

4 CVSS, 5.9 AI score, 0.00243 EPSS
Exploits 0, References 5, Affected Software 1

Openbugbounty
added 2017/05/12 1:48 p.m., 10 views

versandapotheke-allgaeu.de XSS vulnerability

Vulnerable URL: http://www.versandapotheke-allgaeu.de/autocomplete.php/?fallbackurl=http://www.versandapotheke-allgaeu.de/catalogsearch/ajax/suggest/=default=test"'--! Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability...

6.3 AI score
Exploits 0