262 matches found
The vulnerability of the Android operating system, which allows a perpetrator to bypass security measures or obtain confidential information
The vulnerability of the BnGraphicBufferConsumer::onTransact function libs/gui/IGraphicBufferConsumer.cpp in the mediaserver component of the Android operating system exists due to the lack of initialization for certain types of variables. Exploiting this vulnerability could allow a malicious act...
NTP logconfig configuration command denial of service vulnerability
Network Time Protocol is a protocol used to synchronize a computer's time to its server or clock source e.g., quartz clock, GPS, etc.. NTP crashes due to uninitialized variables when processing the malformed logconfig configuration command ntpd, allowing remote attackers to exploit the...
Kernel: crypto: algif - suppress sending source address information in recvmsg
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hashrecvmsg function in crypto/algifhash.c and the...
SuSE9 Security Update : ethereal (YOU Patch Number 12708)
This ethereal update fixes the use of uninitialized variables. CVE-2011-1590 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid54993; scriptversion"1.5";...
Dozens of Bugs Found in One Version of Android Kernel
Security researchers found dozens of high risk security holes in the software used to run specific Android mobile devices, but that’s still a lot better than industry averages, according to a new report. Coverity, an application code testing firm, analyzed the source code for HTC’s Droid Incredib...
SuSE 10 Security Update : clamav (ZYPP Patch Number 4169)
This is an update to ClamAV 0.91.2 to fix various bugs like NULL pointer dereferences and uninitialized variables etc. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
waraxe-2007-SA-048.txt
waraxe-2007-SA048 - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke Author: Janek Vind "waraxe" Date: 13. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-48.html Target software description: VWar module for PhpNuke http://www.vwar.de/ VWar is a webbased...
Irokez Blog 0.7.1 - Multiple Remote File Inclusions
Irokez Blog 0.7.1 - Multiple Remote File Inclusions +------------------------------------------------------------------------------------------- + Irokez CMS +------------------------------------------------------------------------------------------- + Details: + Irokez CMS has several scripts...
CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the 1 wp-admin, 2 wp-content, and 3 wp-includes directories, possibly due to uninitialized variables...
DEBIAN-CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the 1 wp-admin, 2 wp-content, and 3 wp-includes directories, possibly due to uninitialized variables...
CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the 1 wp-admin, 2 wp-content, and 3 wp-includes directories, possibly due to uninitialized variables...
CVE-2006-3390
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the 1 wp-admin, 2 wp-content, and 3 wp-includes directories, possibly due to uninitialized variables...
Mandrake Linux Security Advisory : netpbm (MDKSA-2005:199)
Pnmtopng in netpbm 10.2X, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap PNM images to Portable Network Graphics PNG, which might allow attackers to execute arbitrary code by modifying the stack. Netpbm 9.2X is not affected by this...
CVE-2005-3418
Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 errormsg parameter to usercpregister.php, 2 forwardpage parameter to login.php, and 3 listcat parameter to search.php, which are not initialized as...
CVE-2004-2486
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access...
DEBIAN-CVE-2005-2978
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap PNM images to Portable Network Graphics PNG, which might allow attackers to execute arbitrary code by modifying the stack...
CVE-2005-2978
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap PNM images to Portable Network Graphics PNG, which might allow attackers to execute arbitrary code by modifying the stack...
CVE-2005-2978
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap PNM images to Portable Network Graphics PNG, which might allow attackers to execute arbitrary code by modifying the stack...
security flaw
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap PNM images to Portable Network Graphics PNG, which might allow attackers to execute arbitrary code by modifying the stack...
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting 1if magic quotes off - SQL Injection: by "Forgot your password?" feature you can send yourself a new admin password and reset it, poc: email: youremail nick: 'or'X'='X soon, you will receive an email like this: You have registered...