
1058 matches found

OSV
added 2016/05/09 8:59 p.m., 1 view

UBUNTU-CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

CVSS 8.8, AI score 7.2, EPSS 0.0118
Exploits: 0, References: 2

OSV
added 2016/05/09 8:59 p.m., 24 views

PYSEC-2016-28

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

CVSS 8.8, AI score 6.8, EPSS 0.0118
Exploits: 0, References: 7

Prion
added 2016/05/09 8:59 p.m., 15 views

Code injection

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

CVSS 6.8, AI score 7.7, EPSS 0.0118
Exploits: 0, References: 7, Affected Software: 2

UbuntuCve
added 2016/05/09 8:59 p.m., 29 views

CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

CVSS 8.8, AI score 7.2, EPSS 0.0118
Exploits: 0, References: 1

PyPA
added 2016/05/09 8:59 p.m., 5 views

PYSEC-2016-28

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

CVSS 8.8, AI score 7.8, EPSS 0.0118
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2016/05/09 8:0 p.m., 75 views

CVE-2016-3105

The CVE-2016-3105 entry affects Mercurial prior to 3.8, where the convert extension could allow remote arbitrary code execution via a crafted Git repository name. Multiple advisories (GHSA, Debian DSA/DSA, Mageia, Gentoo GLSA) and vendor pages confirm: vulnerable component is the convert extensio...

CVSS 8.8, AI score 8.6, EPSS 0.0118
Exploits: 0, References: 7, Affected Software: 1

Debian CVE
added 2016/05/09 8:0 p.m., 25 views

CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

CVSS 8.8, AI score 7.6, EPSS 0.0118
Exploits: 0

Cvelist
added 2016/05/09 8:0 p.m., 24 views

CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

AI score 8.7, EPSS 0.0118
Exploits: 0, References: 7

CNVD
added 2016/05/07 12:0 a.m., 2 views

Mercurial Arbitrary Code Execution Vulnerability

Mercurial is a set of cross-platform distributed version control software written in the Python language. A security vulnerability in Mercurial's use of the convert extension in Git repos allows remote attackers to submit a special request to execute arbitrary code...

CVSS 8.8, AI score 7.8, EPSS 0.0118
Exploits: 0, References: 1

Debian
added 2016/05/06 4:30 p.m., 29 views

[SECURITY] [DLA 459-1] mercurial security update

Package: mercurial. Version: 2.2.2-4+deb7u3. CVE ID: CVE-2016-3105. Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects...

CVSS 8.8, AI score 7.6, EPSS 0.0118
Exploits: 0

ArchLinux
added 2016/05/06 12:0 a.m., 47 views

mercurial: arbitrary code execution

Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This is a further side-effect of Git CVE-2015-7545. Reported and fixed by Blake...

CVSS 6.8, AI score 5.5, EPSS 0.31254
Exploits: 0, References: 4

Tenable Nessus
added 2016/05/04 12:0 a.m., 31 views

Amazon Linux AMI : mercurial (ALAS-2016-697)

It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. CVE-2016-3068 The binary delta decoder in Mercurial before 3.7.3 allows remote...

CVSS 8.8, AI score 7.6, EPSS 0.05192
Exploits: 0, References: 4

RedHat Linux
added 2016/05/02 12:57 p.m., 1 view

mercurial: convert extension command injection via git repository names

It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository...

CVSS 8.8, AI score 6.2, EPSS 0.0283
Exploits: 0, References: 5

CNVD
added 2016/03/24 12:0 a.m., 1 view

Foxit Reader ConvertToPDF BMP Parsing Information Disclosure Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the ConvertToPDF plug-in, due to a constructed BMP graphic that triggers a read of memory outside of the allocated object. Exploitation of this vulnerability allows an attacker to execut...

AI score 7.7
Exploits: 0, References: 1

CNVD
added 2016/03/24 12:0 a.m., 2 views

Foxit Reader ConvertToPDF JPEG Out-of-Bounds Read Information Disclosure Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the ConvertToPDF plug-in, due to a constructed JPEG graphic that triggers a read of memory outside of the allocated object. An attacker could be allowed to exploit the vulnerability to...

AI score 7.6
Exploits: 0, References: 1

Drupal
added 2016/03/09 12:0 a.m., 11 views

Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015

When a PDF is uploaded in Scald File, various tools can be executed if they're installed on the server, to try to generate a thumbnail out of that PDF. This is mitigated by the need to have the sufficient permissions to upload a file in Scald, and also to have at least one of the thumbnail creati...

AI score 7.2
Exploits: 0, References: 10

CNVD
added 2016/02/04 12:0 a.m., 3 views

Foxit Reader ConvertToPDF Heap Buffer Overflow Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. A security vulnerability exists in Foxit Reader's ConvertToPDFx86.dll that can be exploited to allow an attacker to interact with a victim via a malicious web page or a malicious file to execute arbitrary commands in the current...

AI score 7.5
Exploits: 0, References: 1

Vulnerability Lab
added 2015/11/23 12:0 a.m., 21 views

Switch v4.68 - Code Execution Vulnerability

Document Title: Switch v4.68 - Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1649. Release Date: 2015-11-23. Vulnerability Laboratory ID (VL-ID): 1649. Common...

AI score 7.1
Exploits: 0

BDU FSTEC
added 2015/10/06 12:0 a.m., 2 views

The vulnerability of Firefox and Firefox ESR browsers allows a perpetrator to trigger a service failure.

The vulnerability of the ConvertDialogOptions function in Firefox and Firefox ESR browsers is caused by buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause a service failure remotely...

CVSS 7.5, EPSS 0.03205
Exploits: 0, References: 3, Affected Software: 2

RedHat Linux
added 2015/09/22 6:17 p.m., 2 views

Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)

The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors...

CVSS 7.5, AI score 7.5, EPSS 0.03205
Exploits: 0, References: 5