171 matches found
FreeType 2 Null Pointer Dereference Vulnerability
FreeType 2 is a software font engine characterized by being small, efficient, highly customizable and portable while producing high-quality output glyph images. A null pointer dereference vulnerability exists in the Ins_GETVARIATION function in ttinterp.c in FreeType 2. An attacker could exploit...
resteasy: Vary header not added by CORS filter leading to cache poisoning
It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...
UBUNTU-CVE-2017-15192
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level...
ガーディアンズ・ヴァイオレーション - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application ガーディアンズ・ヴァイオレーション published at the 'play' market has multiple vulnerabilities...
Calls to Action WordPress Plugin Reflective Cross-Site Scripting Vulnerability
Calls to Action is a plugin for calling events on WordPress sites. Calls to Action 2.4.3 and earlier versions do not effectively filter the "open-tab" HTTP GET parameter value and the "wp-cta-variation-id" HTTP GET parameter value, which allows an unauthenticated, remote attacker to trick...
CVE-2015-4064
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
SQL injection
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
WordPress Landing Pages Plugin <= 1.8.4 - SQL Injection
This vulnerability allows an authenticated user to execute arbitrary SQL commands in an edit delete-variation action via the "post" parameter to wp-admin/post.php. Solution: Upgrade the plugin...
Note for "Invalid ContentType may disclose cache directory"
Note for "Invalid ContentType may disclose cache directory". This vulnerability "Invalid ContentType may disclose cache directory" doesn't work on all systems. "Invalid ContentType may disclose cache directory", at http://www.safecenter.net/UMBRELLAWEBV4/threadid10008/ Please note that execdror6 an...
PT-1998-1048 · Microsoft · Windows 95 +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to a Bonk variation of teardrop IP fragmentation denial of service. No further details are provided about the estimated number of potentially affected devices or...