982 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS attacks involving assignment on constructor properties. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. Th...
Pygments FontManager._get_nix_font_path Shell Injection Vulnerability
Pygments FontManager.getnixfontpath version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager.getnixfontpath Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...
Server: PHP arbitrary class instantiation in "files_external"
A user may instantiate arbitrary ownCloud classes due to a lack of a proper check of the mount point options provided by a user via the web front end. These may include constructor arguments and could potentially lead to a remote code execution. For more information please consult the official...
Adobe Flash - FileReference Class Type Confusion
Adobe Flash - FileReference Class Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=422&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a type confusion issue in the TextFormat constructor that is reachable because the...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
Python-Pickle-Class-Constructor
Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form "pickling", and later recover the data back into an object hierarchy "unpickling". A vulnerability has been reported in the Pickle implementation...
phpok sql注入一枚
简要描述: phpok4.2.083,刚下的 详细说明: 1.safekey固定,导致加密函数可逆 2.使用固定的safekey加密后发起攻击请求,加密内容在代码中解密,绕过了过滤 /install/index.php中 $content = filegetcontentsROOT."config.php"; //查找替换 $content = pregreplace'/$config"db"\"file"\s=\s'|"a-zA-Z0-9-\'|";/isU','$config"db""file" = "'.$dbconfig'file'.'";',$content;...
Arbitrary Command Execution
Overview Affected versions of this package are vulnerable to Arbitrary Command Execution due to the assignment functions accessing constructors functions, allowing attackers to execute their malicious code. Remediation Upgrade angularjs to version 1.3.2 or higher. References - GitHub ChangeLog -...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...