8766 matches found
DEBIAN-CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename...
Design/Logic Flaw
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename...
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename...
ęµ·åŗ·åØč§č§é¢ę„å „ē½å ³ē³»ē» downFile.php åę°fileName ä»»ęę件äøč½½ę¼ę“
0x01ę¼ę“ē®ä» ęµ·åŗ·åØč§č§é¢ę„å „ē½å ³ē³»ē»åØ锵é¢/serverLog/downFile.phpēåę°fileNameååØä»»ęę件äøč½½ę¼ę“ć 0x02ę¼ę“åę ę件/serverLog/downFile.php alert"ę件äøååØ!";window.history.back-1;'; exit; else $file = fopen$filedir . $filename,"r"; // ęå¼ę件 // č¾å „ę件ę ē¾ Header"Content-type: application/octet-stream"; Header"Accept-Ranges: bytes";...
Debian DLA-500-1 : imagemagick security update
Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application...
Debian DSA-3591-1 : imagemagick - security update
Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application...
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename...
UBUNTU-CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename...
PT-2016-6248 Ā· GraphicsmagickĀ +6 Ā· GraphicsmagickĀ +6
Name of the Vulnerable Software and Affected Versions: GraphicsMagick versions prior to 1.3.24 ImageMagick affected versions not specified Description: The issue allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename, specifically through the OpenBlob...
Code injection
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the pharanalyzepath function in ext/phar/phar.c...
CVE-2016-1843
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2016-1843
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors...
Information disclosure
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2016-1843
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2016-1843
CVE-2016-1843 affects OS X El Capitan prior to 10.11.5. The issue is in the Messages component, where filename encoding is mishandled, allowing remote attackers to obtain sensitive information via unspecified vectors. Appleās security content for OS X El Capitan v10.11.5 and Security Update 2016-...
EUVD-2016-5073
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the pharanalyzepath function in ext/phar/phar.c...
Design/Logic Flaw
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument save method or 2 the GD imagepsloadfont function...
CVE-2016-1671
CVE-2016-1671 affects Google Chrome on Android versions prior to 50.0.2661.102, where mishandling of "/" and "" characters enables directory traversal via a file: URL. Root cause: improper handling in Android builds tied to net/base/escape.cc and net/base/filename_util.cc. Impact is directory tra...
OracleVM 3.3 : kernel-uek (OVMSA-2016-0046)
The remote OracleVM system is missing necessary patches to address critical security updates : - skbuff: skbsegment: orphan frags before copying Dongli Zhang - RDS/IB: VRPC DELAY / OSS RECONNECT CAUSES 5 MINUTE STALL ON PORT FAILURE Venkat Venkatsubra Orabug: 22888920 - mlx4core: Introduce...
CVE-2016-4072
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the pharanalyzepath function in ext/phar/phar.c...