117 matches found

Ubuntu
added 2015/12/10 5:43 p.m. | 77 views

USN-2825-1: Oxide vulnerabilities

Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the...

CVSS 10 | AI score 8.4 | EPSS 0.08519 | Exploits 6

NVD
added 2015/12/06 1:59 a.m. | 19 views

CVE-2015-6782

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

CVSS 4.3 | AI score 8.9 | EPSS 0.01143 | Exploits 0 | References 10

Cvelist
added 2015/12/06 1:0 a.m. | 26 views

CVE-2015-6782

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

AI score 8.8 | EPSS 0.01143 | Exploits 0 | References 10

CVE
added 2015/12/06 1:0 a.m. | 100 views

CVE-2015-6782

CVE-2015-6782 affects Google Chrome/Chromium up to version 47.0.2526.73, where Document::open in WebKit's DOM handling fails to align page-dismissal with modal-dialog blocking. This enables remote attackers to spoof Omnibox content via a crafted website. Connected sources confirm the vulnerabilit...

CVSS 4.3 | AI score 8.6 | EPSS 0.01143 | Exploits 0 | References 10 | Affected Software 1

OSV
added 2015/12/05 12:0 a.m. | 1 view

UBUNTU-CVE-2015-6782

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

CVSS 4.3 | AI score 7.2 | EPSS 0.01143 | Exploits 0 | References 4

Tenable Nessus
added 2015/02/20 12:0 a.m. | 21 views

Bugzilla < 4.0.16 / 4.1.1 < 4.2.12 / 4.3 < 4.4.7 / 4.5 < 4.5.6 Command Injection

Binary data 8913.prm...

CVSS 6.5 | AI score 7.3 | EPSS 0.0204 | Exploits 0 | References 4

Tenable Nessus
added 2015/02/20 12:0 a.m. | 32 views

Bugzilla < 4.0.16 / 4.2.12 / 4.4.7 / 5.0rc1 Multiple Vulnerabilities

According to its banner, the version of Bugzilla running on the remote host is potentially affected by the following vulnerabilities : - A command injection vulnerability exists due to a failure to properly utilize the 3 arguments form for open. This allows an authenticated, remote attacker with...

CVSS 6.5 | AI score 5.9 | EPSS 0.0204 | Exploits 0 | References 4

Mageia
added 2015/01/31 1:23 p.m. | 42 views

Updated bugzilla packages fix CVE-2014-8630

Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes CVE-2014-8630...

CVSS 6.5 | AI score 6.7 | EPSS 0.0204 | Exploits 0 | References 3

seebug.org
added 2014/07/01 12:0 a.m. | 145 views

cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...

AI score 7.1 | Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

W3Mail 1.0.6 File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6170/info Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script viewAttachment.cgi accepts the parameter file. The value of this parameter is passed to th...

AI score 7.1 | Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Linux Kernel < 2.6.22 ftruncate()/open() Local Exploit

No description provided by source. / gw-ftrex.c: Linux kernel 2.6.22 open/ftruncate local exploit by gat3way at gat3way dot eu bug information: http://osvdb.org/49081 !!!This is for educational purposes only!!! To use it, you've got to find a sgid directory you've got permissions to write into...

AI score 7.1 | Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2102/info A vulnerability exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. An insecurely-structured call to the open function leads to a failure to properly filte...

AI score 7.1 | Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 27 views

WEBgais 1.0 websendmail Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2077/info WEBgais is a package that provides a web interface to the gais Global Area Intelligent Search search engine tool. This package contains a vulnerable script, websendmail, which can be used to execute arbitrary...

AI score 7.1 | Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Dispair 0.1/0.2 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5392/info Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the...

AI score 7.1 | Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

CVSWeb Developer CVSWeb 1.80 insecure perl "open" Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1469/info Cvsweb 1.80 makes an insecure call to the perl OPEN function, providing attackers with write access to a cvs repository the ability to execute arbitrary commands on the host machine. The code that is being...

AI score 7.1 | Exploits 0

Saint
added 2012/11/26 12:0 a.m. | 60 views

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

CVSS 6.5 | AI score 7.2 | EPSS 0.61925 | Exploits 10

Saint
added 2012/11/26 12:0 a.m. | 44 views

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

CVSS 6.5 | AI score 7.2 | EPSS 0.61925 | Exploits 10

myhack58
added 2011/03/15 12:0 a.m. | 61 views

QUIK email (QuarkMail) remote command execution vulnerabilities and fixes - vulnerability warning - the black bar safety net

Vulnerability Description: QUIK e-mail (QuarkMail) is an e-mail system launched by Beijing Xiong Zhi weiye science and Technology Company and is widely used as an email solution in various areas. The webmail section is written in Perl CGI, but 80sec found a major security vulnerability in the system that leads...

AI score 0.5 | Exploits 0

Cvelist
added 2009/12/08 7:0 p.m. | 35 views

CVE-2009-4033

A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this...

AI score 6.2 | EPSS 0.00309 | Exploits 1 | References 8

Tenable Nessus
added 2008/09/08 12:0 a.m. | 35 views

GLSA-200809-06 : VLC: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200809-06 VLC: Multiple vulnerabilities g reported the following vulnerabilities: An integer overflow leading to a heap-based buffer overflow in the Open function in modules/demux/tta.c CVE-2008-3732. A signedness error leading to...

CVSS 9.3 | AI score 6.5 | EPSS 0.13434 | Exploits 2 | References 3