
682 matches found

BDU FSTEC
added 2017/09/15 12:0 a.m. · 3 views

A vulnerability in the cmd parameter in the firmware of D-Link routers such as D-Link DNS-320L, D-Link DNS-327L, D-Link DNR-326, D-Link DNS-320B, D-Link DNS-345, D-Link DNS-325, and D-Link DNS-322L allows attackers to bypass the authentication process.

The vulnerability of the cmd parameter in D-Link DNS-320L, D-Link DNS-327L, D-Link DNR-326, D-Link DNS-320B, D-Link DNS-345, D-Link DNS-325, and D-Link DNS-322L routers is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass...

10 CVSS · 7.8 AI score · 0.11963 EPSS
Exploits 0 · References 7 · Affected Software 6
Snyk
added 2017/07/19 9:29 p.m. · 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read. The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the...

9.8 CVSS · 9.6 AI score · 0.00338 EPSS
Exploits 0 · References 3
NVD
added 2017/07/07 5:29 p.m. · 22 views

CVE-2014-7953

Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat'...

7 CVSS · 7.1 AI score · 0.01386 EPSS
Exploits 0 · References 4
Amazon
added 2017/04/20 12:0 a.m. · 48 views

Medium: R

Issue Overview: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this...

7.8 CVSS · 9.1 AI score · 0.00779 EPSS
Exploits 0
BDU FSTEC
added 2017/04/13 12:0 a.m. · 3 views

The vulnerability of the iOS operating system and the Mac OS X operating system allows attackers to trigger a service failure or execute arbitrary code.

The vulnerability of the CoreText component in the iOS operating system and the Mac OS X operating system arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure...

6.8 CVSS · 8.3 AI score · 0.00761 EPSS
Exploits 0 · References 6 · Affected Software 2
Positive Technologies
added 2017/03/10 12:0 a.m. · 2 views

PT-2017-9757 · R Development Core Team +2 · R +2

Name of the Vulnerable Software and Affected Versions: R version 3.3.0. Description: A buffer overflow issue exists in the LoadEncoding functionality. This can be triggered by a specially crafted R script, causing a buffer overflow that results in memory corruption. An attacker can exploit this by...

8.8 CVSS · 7.6 AI score · 0.00467 EPSS
Exploits 2 · References 22
BDU FSTEC
added 2017/03/02 12:0 a.m. · 3 views

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ATS component in the Mac OS X operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, or cause a service failure memory corruption, application...

6.8 CVSS · 8.3 AI score · 0.00942 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2016/07/06 12:0 a.m. · 2 views

The vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality of protected information.

The vulnerability exists in Mozilla Firefox ESR due to improper initialization of memory intended for displaying GIFs. Exploiting this vulnerability allows malicious actors to gain access to confidential information from the process’s memory, through a specially crafted web script that interacts...

4.3 CVSS · 6.8 AI score · 0.13912 EPSS
Exploits 1 · References 3 · Affected Software 1
Prion
added 2016/06/30 5:59 p.m. · 18 views

Code injection

F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script...

9 CVSS · 6.8 AI score · 0.01763 EPSS
Exploits 0 · References 3 · Affected Software 14
BDU FSTEC
added 2015/09/23 12:0 a.m. · 3 views

The vulnerability of the ATML component in Microsoft Lync, the Microsoft Office suite, and the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the ATML component in Microsoft Lync, the Microsoft Office suite, and the Windows operating system is due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted script file...

9.3 CVSS · 6.4 AI score · 0.70597 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2015/09/09 12:0 a.m. · 2 views

Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to execute arbitrary code or cause system failures

The vulnerability of the CoreText component in iOS and Mac OS X operating systems arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure using a specially crafted script file...

6.8 CVSS · 8.1 AI score · 0.02497 EPSS
Exploits 0 · References 5 · Affected Software 2
Cvelist
added 2015/02/17 3:0 p.m. · 36 views

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

6.8 AI score · 0.92326 EPSS
Exploits 19 · References 8
NVD
added 2014/10/25 12:55 a.m. · 19 views

CVE-2014-2021

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...

3.5 CVSS · 5.2 AI score · 0.0078 EPSS
Exploits 4 · References 7
seebug.org
added 2014/07/01 12:0 a.m. · 19 views

Sybase Advantage Data Architect - "*.SQL" Format Heap Overflow

No description provided by source. Exploit Title: Sybase Advantage Data Architect .SQL Format Heap Overflow RCE Date: 2010-10-16 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility...

7.1 AI score
Exploits 0
Prion
added 2012/05/23 9:55 p.m. · 20 views

Buffer overflow

Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script...

7.2 CVSS · 7.3 AI score · 0.00743 EPSS
Exploits 7 · References 3 · Affected Software 2
Prion
added 2010/10/06 9:0 p.m. · 14 views

Design/Logic Flaw

The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433...

6 CVSS · 7.5 AI score · 0.01661 EPSS
Exploits 0 · References 3 · Affected Software 1
UbuntuCve
added 2010/05/18 12:0 a.m. · 29 views

CVE-2010-1169

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrar...

8.5 CVSS · 7.2 AI score · 0.00781 EPSS
Exploits 1 · References 2
OpenVAS
added 2009/12/10 12:0 a.m. · 20 views

Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)

The remote host is missing an update to cyrus-imapd announced via advisory MDVSA-2009:229-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

4.4 CVSS · 6.7 AI score · 0.00127 EPSS
Exploits 0 · References 1
Prion
added 2009/02/03 7:30 p.m. · 20 views

Cross site scripting

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame...

5 CVSS · 6.6 AI score · 0.00123 EPSS
Exploits 0 · References 5 · Affected Software 1
Debian CVE
added 2009/02/03 7:0 p.m. · 27 views

CVE-2009-0276

Removed by vendor...

5 CVSS · 6.7 AI score · 0.00123 EPSS
Exploits 0