247 matches found
Security feature bypass
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads...
CVE-2017-11023
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads...
CVE-2017-11023
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads...
CVE-2017-9676
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock...
Race condition
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock...
Silver Stripe CMS: source code security analysis report
Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...
Discuz! x the use of SSRF remote command execution vulnerability
Content source: security think tank 0X01 ready to work jannock issued by Discuz conditional remote command execution,a lot of big stations affected, the online hasn't published details, in a safe public number to see on the jannock simple to say about the principle, is ssrf+redis/memcache issues,...
WooCommerce plugin for WordPress: source code security analysis report
Several vulnerabilities were discovered in WooThemes 'WooCommerce plugin for WordPress' software: File System Path Manipulation Using Global Variables Incorrect Newline Symbol Filtration in HTTP-response Headers Hardcoded Credentials...
CMSimple CMS: source code security analysis report
Several vulnerabilities were discovered in CMSimple 'CMSimple CMS' software: File System Path Manipulation Incorrect User Input Filtration when Using Regular Expressions while Calling the pregreplace Function Using Global Variables Using Insufficiently Random Generators in Cryptography HttpOnly...
Concrete5 CMS: source code security analysis report
Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions...
WordPress CMS: source code security analysis report
Several vulnerabilities were discovered in Wordpress Foundation 'WordPress CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect User...
Drupal CMS: source code security analysis report
Several vulnerabilities were discovered in Drupal Association 'Drupal CMS' software: Incorrect User Input Filtration when Generating Code on the Fly Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Hardcoded Credentials Using Insufficiently Random...
MODX Revolution: source code security analysis report
Several vulnerabilities were discovered in MODX 'MODX Revolution' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random...
Joomla!: source code security analysis report
Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML...
Qibo Video System SQL Injection Vulnerability
Zibo video system can achieve all static, custom static page URL rules, you can copy the system into multiple subsystems in the background. A SQL injection vulnerability exists in Qibo Video System.' video/member/special.php' where $TBpre is not initialized, due to the existence of pseudo-global...
PCS pcsd competitive conditions loophole
PCS is a set of tools for configuring and managing Pacemaker and Corosync clustering software using the command line and web UI. A competitive condition vulnerability exists in PCS 0.9.139 and prior versions of pcsd that stems from the program's use of global variables to validate usernames. A...
Qi Bo CMS variable coverage leads to sql injection vulnerability analysis report-vulnerability warning-the black bar safety net
Blog post author: Alibaba security research lab—supporting su Release date: 2015-3-10 Blog post content: The recent Alibaba security research laboratory vulnerability monitoring system to monitor attendance Bo cms exist high-risk vulnerabilities that can lead to SQL vulnerability and thus affect...
phpBB 3.1.1 deregister_globals() Bypass
When PHP's registerglobals configuration directive set on, phpBB will call deregisterglobals function, all global variables registered by PHP will be destroyed. But deregisterglobals functions can be bypassed. $input = arraymerge arraykeys$GET, arraykeys$POST, arraykeys$COOKIE, arraykeys$SERVER,...
MyBB 1.8.2 - unset_globals() Function Bypass Remote Code Execution
MyBB 1.8.2 - unsetglobals Function Bypass Remote Code Execution Exploit Title: MyBB - 2014.03.06 MyBB's unsetglobals function can be bypassed under special conditions and it is possible to allows remote code execution. I. MyBB's unsetglobals Function Bypass When PHP's register\globals configurati...
CVE-2014-8074
Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables...