32 matches found
The vulnerability of the software for interacting with servers via CURL lies in the fact that certain operations exceed the allowable buffer size limits, allowing an attacker to cause a service failure.
The vulnerability of the software for interacting with servers via CURL is related to the execution of operations within the acceptable data buffer limits. Exploiting this vulnerability allows a malicious actor to cause service failures...
The vulnerability of the software for interacting with servers using curl, related to errors in handling user credentials, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the software for interacting with servers using curl is related to errors in handling user credentials. Exploiting this vulnerability can allow a perpetrator to gain unauthorized access to protected information...
Information disclosure
An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...
libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...
Threat Roundup for August 24-31
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 24 and 31. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
The vulnerability of the syntax analyzer of the software tool for interacting with the curl server allows a hacker to perform read operations beyond the buffer in memory.
The vulnerability of the software tool’s syntax analyzer for interacting with servers using curl is related to an error during registration on the server using the FTP protocol. Exploiting this vulnerability allows a malicious actor to gain access to data beyond the boundaries of the allocated...
CVE-2017-1340
IBM Jazz Reporting Service JRS 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455...
CVE-2017-1340
IBM Jazz Reporting Service JRS 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455...
FTP PWD response parser out of bounds read
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...
Design/Logic Flaw
The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...
CVE-2013-0887
Removed by vendor...
Page attack the theory and implementation-vulnerability warning-the black bar safety net
Page attack can be divided into two categories One is the use of a browser vulnerability in the access page to write malicious code for visitors of the attack. Here we can be understood as the service end-to-client attacks. Another just opposite, is the visitors use the page of the vulnerability ...