3994 matches found

Positive Technologies
added 2014/12/17 12:0 a.m. · 1 views

PT-2020-7585 · Dbi +3

Name of the Vulnerable Software and Affected Versions: DBI module versions prior to 1.632 for Perl
Description: An issue in the DBI module for Perl may lead to memory corruption when using many arguments to methods for Callbacks.
Recommendations: For versions prior to 1.632, update to version 1.6...

6.1 CVSS · 5.8 AI score · 0.02738 EPSS
Exploits 0 · References 35

Tenable Nessus
added 2014/11/26 12:0 a.m. · 40 views

OracleVM 2.1 : kernel (OVMSA-2009-0014)

The remote OracleVM system is missing necessary patches to address critical security updates: CVE-2009-1192 The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later...

7.8 CVSS · 5.9 AI score · 0.04268 EPSS
Exploits 5 · References 7

canvas
added 2014/11/11 10:55 p.m. · 149 views

Immunity Canvas: MS14_064_IE_OLEAUT32

Name| ms14_064_ie_oleaut32
---|---
CVE| CVE-2014-6332
Exploit Pack| CANVAS
Description| MS14064 - Windows OLE Automation Array Remote Code Execution Vulnerability
Notes| CVE Name: CVE-2014-6332 VENDOR: Microsoft NOTES: References:...

9.3 CVSS · 0.3 AI score · 0.94996 EPSS
Exploits 39

seebug.org
added 2014/11/10 12:0 a.m. · 26 views

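TinyShop: an SQL injection

Brief description: 20140926 Detailed description: In the callback function in /protected/controllers/payment.php: public function callback() // get the payment method from the URL $paymentid = Filter::int(Req::get('paymentid')); $payment = new Payment($paymentid); $paymentPlugin = $payment->getPaymentPlugin(); // first get a payment method; by default there is only balance payment, with id 1 ... // execute the interface callback function $callbackData =...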

7.1 AI score
Exploits 0

seebug.org
added 2014/11/10 12:0 a.m. · 26 views

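TinyShop: an SQL injection

Brief description: 20140926 Detailed description: This one is again in payment, in the asynchronous callback, which has a similar problem. I actually did not want to submit it separately, really did not want to submit them separately, for fear it would be rejected as a duplicate. In /protected/controllers/payment.php, asynccallback: function asynccallback() // get the payment method from the URL $paymentid = Filter::int(Req::get('paymentid')); $payment = new Payment($paymentid); $paymentPlugin = $payment->getPaymentPlugin();...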

7.1 AI score
Exploits 0

Tenable Nessus
added 2014/11/10 12:0 a.m. · 32 views

Fedora 21 : freeipa-4.1.1-1.fc21 / slapi-nis-0.54.1-1.fc21 (2014-14427)

freeipa : - Update to upstream 4.1.1 - see http://www.freeipa.org/page/Releases/4.1.1 - fix CVE-2014-7828 slapi-nis : - support FreeIPA overrides in LDAP BIND callback - ignore FreeIPA override searchs outside configured schema compat subtrees Note that Tenable Network Security has extracted the...

3.5 CVSS · 6.7 AI score · 0.01787 EPSS
Exploits 0 · References 5

myhack58
added 2014/10/29 12:0 a.m. · 14 views

Callback nightmare: analysis of the SQL injection vulnerability in the well-known CMS framework Drupal

Drupal is an open-source content management framework (CMF) written in PHP, made up of a CMS and a PHP development framework. It has won the world's best CMS award for several consecutive years and is the best-known web application based on PHP. A few days before the explosion...

0.9 AI score
Exploits 0

CVE
added 2014/10/27 1:0 a.m. · 65 views

CVE-2014-2988

CVE-2014-2988 affects EGroupware EPL before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta. Root cause: improper handling of crafted callback values passed to PHP call_user_func, enabling remote authenticated administrators to execute arbitrary...

8.5 CVSS · 7.3 AI score · 0.0184 EPSS
Exploits 5 · References 4 · Affected Software 1

Cvelist
added 2014/10/27 1:0 a.m. · 23 views

CVE-2014-2988

EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using th...

7.1 AI score · 0.0184 EPSS
Exploits 5 · References 4

F5 Networks
added 2014/10/23 12:0 a.m. · 21 views

SOL15730 - OpenSSH vulnerability

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...

6 CVSS · 5.9 AI score · 0.0267 EPSS
Exploits 1 · References 3

Prion
added 2014/10/21 2:55 p.m. · 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php...

4.3 CVSS · 5.8 AI score · 0.02081 EPSS
Exploits 4 · References 6 · Affected Software 1

Cvelist
added 2014/10/21 2:0 p.m. · 24 views

CVE-2012-5702

Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php...

5.6 AI score · 0.02081 EPSS
Exploits 3 · References 6

RedHat Linux
added 2014/10/14 7:22 a.m. · 1 views

chromium: multiple security fixes in Chrome 38.0.2125.101

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing...

7.5 CVSS · 7.5 AI score · 0.0168 EPSS
Exploits 0 · References 5

NVD
added 2014/10/08 10:55 a.m. · 22 views

CVE-2014-3193

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing...

7.5 CVSS · 7.1 AI score · 0.0168 EPSS
Exploits 0 · References 5

UbuntuCve
added 2014/10/08 10:55 a.m. · 28 views

CVE-2014-3193

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing...

7.5 CVSS · 7.3 AI score · 0.0168 EPSS
Exploits 0 · References 4

Prion
added 2014/10/08 10:55 a.m. · 17 views

Type confusion

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing...

7.5 CVSS · 7.6 AI score · 0.0168 EPSS
Exploits 0 · References 5 · Affected Software 5

CVE
added 2014/10/08 10:0 a.m. · 77 views

CVE-2014-3193

CVE-2014-3193 : Affected software is Google Chrome prior to 38.0.2125.101. Root cause is a type confusion issue in SessionService::GetLastSession used during callback processing, which can lead to a use-after-free and potentially other impact. The vulnerability enables denial of service and parti...

7.5 CVSS · 7 AI score · 0.0168 EPSS
Exploits 0 · References 5 · Affected Software 4

Tenable Nessus
added 2014/09/22 12:0 a.m. · 28 views

Bugzilla < 4.0.14 / 4.2.10 / 4.4.5 / 4.5.5 CSRF Vulnerability

According to its banner, the version of Bugzilla installed on the remote host contains a flaw in its callback APIs in which data is not properly sanitized before being submitted to the 'jsonrpc.cgi' script. Using a specially crafted OBJECT element with SWF content, a remote attacker could perform...

4.3 CVSS · 5.2 AI score · 0.00542 EPSS
Exploits 0 · References 2

myhack58
added 2014/08/28 12:0 a.m. · 14 views

OAuth authentication memory vulnerability: beware of user identity hijacking

Like OpenSSL, OAuth (Open Authorization), a widely used open-source third-party login authentication protocol, also had a security vulnerability exposed this year. In the third session of the know the security Forum, from Sina Weibo of the blue di snowball shows Sina as early as year 3 months...

1.1 AI score
Exploits 0

Tenable Nessus
added 2014/08/20 12:0 a.m. · 34 views

Adobe AIR < 14.0.0.178 Multiple Vulnerabilities (APSB14-18)

10 CVSS · 9.8 AI score · 0.07552 EPSS
Exploits 0 · References 12