412 matches found
UBUNTU-CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...
ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution
It was found that the ghostscript function .initializedscparser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process...
ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution
It was found that the ghostscript function .initializedscparser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process...
CVE-2016-6836
The vmxnet3completepacket function in hw/net/vmxnet3.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcqdescr object...
shopify-scripts: Segmentation fault when a Ruby method is invoked by a C method via Object#send
We can arrange for C to call Objectsend by aliasing it over initialize. This will cause Classnew a C function to call initialize which is actually Objectsend with arbitrary arguments. If we invoke a Ruby method through Objectsend, mruby segfaults: def foo end class X aliasmethod :initialize, :sen...
CVE-2016-6836
The vmxnet3completepacket function in hw/net/vmxnet3.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcqdescr object...
phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities
No description provided by source. +------------------------------------------------------------------------------------------- + phpProfiles = 3.1.2b Multiple Remote File Include Vulnerabilities +------------------------------------------------------------------------------------------- + Affect...
IP2location.dll 1.0.0.1 - Function Initialize() Buffer Overflow
No description provided by source. html head titleIP2Location.dll v1.0.0.1 Initialize Buffer Overflow by sinn3r/title /head body object classid='clsid:A3C8BFFA-1496-4188-A2BC-355A0B3DA0A7' id='ip2location'/object script language=JavaScript / IP2Location.dll v1.0.0.1 Initialize Buffer Overflow...
UBUNTU-CVE-2013-6638
Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the 1...
Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
This Metasploit module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on the Initialize method from System.Windows.Browser.ScriptObject, which access memory in an unsafe manner. Since it is accessible for untrusted code user controlled it's possible to dereference...
DEBIAN-CVE-2013-0868
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and 1 unchecked return codes from the initvlc function and 2 "len==0 cases."...
MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
This module exploits a vulnerability in Microsoft Silverlight. The vulnerability exists on the Initialize method from System.Windows.Browser.ScriptObject, which access memory in an unsafe manner. Since it is accessible for untrusted code user controlled it's possible to dereference arbitrary memo...
Directory traversal
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management ZCM 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls th...
CVE-2013-0717
Multiple cross-site request forgery CSRF vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that 1...
SuSE 11 / 11.1 Security Update : ghostscript (SAT Patch Numbers 2708 / 2709)
This update for ghostscript fixes the following security issues : - Specially crafted postscript .ps files can cause buffer overflows in ghostscript that could potentially be exploited to execute arbitrary code. CVE-2010-1869 / CVE-2010-1628 / CVE-2009-4270 - By default, ghostscript reads certain...
Phpcms 2 0 0 8 query.php SQL injection vulnerability and repair programme-vulnerability warning-the black bar safety net
Affected version: Phpcms 2 0 0 8 vulnerability description: In the file the ask/query. php: case 'editanswer': //paragraph 3, line 9 if$dosubmit ifstrlen$answertext 1 0 0 0 0 showmessage'answer the number of words cannot exceed 1 0 0 0 0 characters'; $posts'message' = $M'useeditor' ? $answertext ...
cups: web interface memory disclosure
The cgiinitializestring function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % percent character without two subsequent hex characters, which...
DEBIAN-CVE-2010-1748
The cgiinitializestring function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % percent character without two subsequent hex characters, which...
IP2location.dll 1.0.0.1 - Function Initialize() Local Buffer Overflow
IP2location.dll 1.0.0.1 - Function Initialize Local Buffer Overflow IP2Location.dll v1.0.0.1 Initialize Buffer Overflow by sinn3r / IP2Location.dll v1.0.0.1 Initialize Buffer Overflow Vulnerable version : v1.0.0.1 checksum: d86933ab58720c384bdc081d33684f7d patched version : v1.0.0.1 checksum:...
IP2location.dll 1.0.0.1 Initialize() Buffer Overflow
IP2Location.dll v1.0.0.1 Initialize Buffer Overflow by sinn3r / IP2Location.dll v1.0.0.1 Initialize Buffer Overflow Vulnerable version : v1.0.0.1 checksum: d86933ab58720c384bdc081d33684f7d patched version : v1.0.0.1 checksum: bf66e2ef8be3c301b381cfb424ad0afc, v3.0.1.0 Found and coded by sinn3r...