CVE-2018-10811

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...

CVE-2018-0919

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoi...

EUVD-2018-1710

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoi...

EUVD-2018-1653

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run C2R allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability"...

The vulnerability of the mod_auth_digest module in the Apache HTTP Server’s httpd daemon allows a hacker to gain access to confidential information or cause service interruptions.

The vulnerability of the modauthdigest module in the Apache HTTP Server’s httpd daemon arises from incorrect initialization of a variable. Exploiting this vulnerability can allow an attacker to gain access to confidential information or cause service failures...

Microsoft Edge Chakra asm.js Out-of-Bounds Read Exploit

Exploit for windows platform in category dos / poc / Here's a snippet of AsmJSByteCodeGenerator::EmitAsmJsFunctionBody. AsmJsVar initSource = nullptr; if decl-sxVar.pnodeInit-nop == knopName AsmJsSymbol initSym = mCompiler-LookupIdentifierdecl-sxVar.pnodeInit-name, mFunction; if...

RedHat Update for kernel RHSA-2015:0164-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

齐博地方门户系统sql注入

简要描述： 变量未初始化导致注入 详细说明： 齐博地方门户系统 齐博的全局过滤系统中由于存在如下代码，导致传入的参数可以成为全局变量 foreach$COOKIE AS $key=$value unset$$key; foreach$POST AS $key=$value !ereg"^\A-Z+",$key && $$key=$POST$key; foreach$GET AS $key=$value !ereg"^\A-Z+",$key && $$key=$GET$key; 所以系统中如果存在未初始化的变量，容易导致注入 2shou/post.php中 180行...

Irokez CMS <= 0.7.1 - Multiple Remote File Include Vulnerabilities

No description provided by source. +------------------------------------------------------------------------------------------- + Irokez CMS = 0.7.1 Multiple Remote File Include Vulnerabilities +------------------------------------------------------------------------------------------- + Vendor...

PHPCMS2008 Yellow Pages module vulnerability-vulnerability warning-the black bar safety net

PHPCMS2008 Yellow Pages module vulnerability variable initialization is not strict lead to arbitrary PHP code execution PHPCMS2008 system string2array function calls eval with high-risk, in/yp/web/include/common. inc. php$menu variable initialization is not strict, the result can be injected to...

PHP 5.3.x < 5.3.14 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.14, and is, therefore, potentially affected the following vulnerabilities : - An integer overflow error exists in the function 'pharparsetarfile' in the file 'ext/phar/tar.c'. This error can lead to...

bo-blog任意变量覆盖漏洞

// go.php $qurl=$SERVER"REQUESTURI"; @list$relativePath, $rawURL=@explode'/go.php/', $qurl; $rewritedURL=$rawURL; // 来自$SERVER"REQUESTURI",可以任意提交的: ... $RewriteRules="/component/^/+/?/"; // 这个正则限制的不够细致,可以很轻易的绕过: ... $RedirectTo="page.php?pagealias=\1"; $i=0; foreach $RewriteRules as $rule if...

CVE-2008-5624

PHP 5 before 5.2.7 does not properly initialize the pageuid and pagegid global variables for use by the SAPI phpgetuid function, which allows context-dependent attackers to bypass safemode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...

CVE-2006-5754

The aiosetupring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service crash via an unspecified error path that causes an incorrect free operation...

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...

php security update

CentOS Errata and Security Advisory CESA-2006:0568 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner...

Low: Red Hat Security Advisory: squirrelmail security update

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...

RHEL 3 : squirrelmail (RHSA-2005:135)

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...

Debian DSA-117-1 : cvs - improper variable initialization

Kim Nielsen recently found an internal problem with the CVS server and reported it to the vuln-dev mailing list. The problem is triggered by an improperly initialized global variable. A user exploiting this can crash the CVS server, which may be accessed through the pserver service and running...