Qwik 安全漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.2 contained security vulnerabilities. These vulnerabilities stemmed from improper array inference during FormData parsing from dot-separated form field names, which could lead to request processing failures,...

MIT Kerberos 代码问题漏洞

MIT Kerberos is a Massachusetts Institute of Technology MIT software for authentication in network clusters.Kerberos also serves as a network authentication protocol designed to provide strong authentication services to client/server applications through a key system. A security vulnerability...

Internet Bug Bounty: CVE-2017-13090 wget heap smash

The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...

GNU Wget Buffer Overflow Vulnerability

GNU Wget is a set of free software developed by the GNU Project for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A buffer overflow vulnerability exists in versions of GNU Wget prior to 1.19.2. A remote attacker could...

DEBIAN-CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

DEBIAN-CVE-2004-0227

Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string...