CVE-2016-0828

The CVE concerns Android mediaserver: BnGraphicBufferConsumer::onTransact in libs/gui/IGraphicBufferConsumer.cpp failing to initialize a slot variable. This uninitialized state can let a remote attacker trigger an ATTACH_BUFFER action to read sensitive data and bypass a protection mechanism. Affe...

HEVD - HackSys Extreme Vulnerable Driver

HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use...

Apple Mac OSX / iOS - Multiple Kernel Uninitialized Variable Bugs Leading to Code Execution

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=618 The ool variations of the IOKit device.defs functions all incorrectly deal with error conditions. If you run the mig tool on device.defs you can see the source of th...

Debian DSA-3388-1 : ntp - security update

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs : - CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if : - ntpd enabled remote...

DLA-335-1 ntp - security update

Bulletin has no description...

SQL Injection Vulnerability in Qibo Blog System

Zibo Blog System is a multi-user blog system. There is a SQL injection leak in the Qibo Blog System. The SQL injection vulnerability is caused due to uninitialized $TBpre in the '/blog/template/space/file/listbbs.php' function, which is registered according to a pseudo-global variable in the Qibo...

Microsoft Internet Explorer hr Element Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

PT-2015-6797 · Nts +5 · Ntp +5

Name of the Vulnerable Software and Affected Versions: ntp versions prior to 4.2.7p42 Description: The issue allows remote attackers to cause a denial of service, resulting in the ntpd crash, via crafted logconfig commands. This is due to an uninitialized variable when processing malformed...

Samsung SmartViewer STWConfig ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the STWConfi...

Amazon Linux AMI : openssl (ALAS-2011-4)

An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List CRL checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past. All OpenSSL users should upgrade to these updated packages,...

Microsoft Internet Explorer Empty CAttrValue Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

Microsoft Internet Explorer Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

openSUSE Security Update : subversion (openSUSE-SU-2013:1442-1)

This subversion update includes a security fix and several minor changes. - update to 1.7.13 bnc836245 - User-visible changes : - General - merge: fix bogus mergeinfo with conflicting file merges - diff: fix duplicated path component in '--summarize' output - raserf: ignore case when checking...

openSUSE Security Update : wireshark (openSUSE-SU-2011:0602-1)

This wireshark update fixes : - Use of un-initialized variables CVE-2011-1590 - Buffer overflow in DECT dissector CVE-2011-1591 - Crash in NFS dissector on Windows CVE-2011-1592 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Localize: Uninitialized variable error message leaks information

An uninitialized variable $alert at line 630 in index.php shows an error message. This happens after a POST /pages/createproject. The error message does not appear in the browser because the user is redirected to the new project immediately, but it is there in the HTTP response see error.png. Thi...

Session fixation

The bgpattrunknown function in bgpattr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service bgpd crash via a crafted BGP update...

wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599)

The dissectberchoice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service application crash via a malformed packet...

CVE-2013-4368

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information hypervisor stack content via unspecified vectors related to stale...

CVE-2013-4368

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information hypervisor stack content via unspecified vectors related to stale...

Information leak through outs instruction emulation

ISSUE DESCRIPTION The emulation of the outs instruction for 64-bit PV guests uses an uninitialized variable as the segment base for the source data if an FS: or GS: segment override is used, and if the segment descriptor the respective non-null selector in the corresponding selector register poin...