Lucene search
K

100 matches found

Hacker One
Hacker One
added 2019/02/17 4:0 p.m.37 views

Notepad++: Command injection by setting a custom search engine

Summary: Arbitrary commands can be injected when using the "Search on Internet" function with a malicious custom search engine. The custom search engine can be set through the GUI or the config files, with different attack scenarios. Description: The "Search on Internet" context menu functionalit...

Exploits0
CNVD
CNVD
added 2018/05/23 12:0 a.m.2 views

radare2 denial of service vulnerability (CNVD-2018-12199)

Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the getdebuginfo function in radare2 2.5.0. A remote attacker can...

5.5CVSS5.7AI score0.01158EPSS
Exploits0References1
OSV
OSV
added 2018/02/28 9:29 p.m.4 views

ALPINE-CVE-2018-7568

The parsedie function in dwarf1.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service integer overflow and application crash via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm...

5.5CVSS6.9AI score0.01961EPSS
Exploits1References1
Hacker One
Hacker One
added 2017/12/06 4:47 a.m.21 views

WePay: open 80 port of internal host leaking some configuration info

A testing stage server was accessible from the internet leaking some debug info. Thanks @ruvlol for reporting this to us. A testing stage was accessible to everyone in internet, leaking some debug info...

6.8AI score
Exploits0
OSV
OSV
added 2017/10/05 1:29 a.m.6 views

UBUNTU-CVE-2017-15022

dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the DWATname data type, which allows remote attackers to cause a denial of service bfdhashhash NULL pointer dereference, or out-of-bounds access, and application crash via a craft...

5.5CVSS6.8AI score0.02017EPSS
Exploits0References4
CNVD
CNVD
added 2017/09/30 12:0 a.m.16 views

GNU Binutils Denial of Service Vulnerability (CNVD-2017-30075)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in processdebuginfo in dwarf.c in the Binary File Descriptor BFD library used in GNU Binutils, which can b...

5.5CVSS6.1AI score0.0124EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/07/17 12:0 a.m.17 views

Fedora 26 : php-pear-CAS (2017-2f3096ba16)

Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...

5.6AI score
Exploits0References1
Prion
Prion
added 2017/06/05 2:29 p.m.16 views

Information disclosure

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...

5CVSS6AI score0.03568EPSS
Exploits4References3Affected Software6
Tenable Nessus
Tenable Nessus
added 2017/04/24 12:0 a.m.31 views

Fedora 24 : php-pear-CAS (2017-d9d620366e)

Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/04/24 12:0 a.m.17 views

Fedora 25 : php-pear-CAS (2017-2a90185a04)

Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...

5.6AI score
Exploits0References1
Hacker One
Hacker One
added 2017/04/03 1:22 a.m.26 views

shopify-scripts: Null pointer dereference in OP_ENTER

PoC === The following demonstrates a crash: class A def foo end end class B argv = ary-ptr; gdb p ary $1 = struct RArray 0x0 Test platform ============= Linux Mint 17.3 Cinnamon 64-bit, built with gcc version 4.8.4 Ubuntu 4.8.4-2ubuntu114.04.3 mruby SHA: a14a930c800aa50a191922580d53a2ce09287912...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2017/03/24 5:27 p.m.23 views

shopify-scripts: Null pointer dereference in mrb_class

PoC === The following demonstrates a crash: if def class A ensure e rescue 0 end end .map.a Debug info ========== The crash happens due to a null pointer dereference in mrbclass, class.h:50. 50├ return mrbobjptrv-c; Valgrind shows several reads inside free'd blocks. Test platform =============...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2017/03/19 3:38 p.m.17 views

shopify-scripts: Null pointer dereference in ary_concat

PoC === The following demonstrates a crash: def f end @a = f &:s Debug info ========== mruby crashes in array.c:260 due to a null pointer dereference. 256│ aryconcatmrbstate mrb, struct RArray a, struct RArray a2 257│ 258│ mrbint len; 259│ 260├ if a2-len ARYMAXSIZE - a-len 261│ mrbraisemrb,...

0.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/09/10 12:4 p.m.6 views

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

3.3CVSS5.7AI score0.00498EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2015/08/24 7:57 p.m.7 views

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

3.3CVSS5.7AI score0.00498EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2015/07/24 12:0 a.m.9 views

The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the libxml2-debuginfo-x86 package in the OpenSUSE operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

6.8CVSS7.4AI score0.04382EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/06/02 12:0 a.m.6 views

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-debuginfo-common-s390x-2.6.32 package of the Red Hat Enterprise Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS6.9AI score0.08579EPSS
Exploits4References6
BDU FSTEC
BDU FSTEC
added 2015/06/01 12:0 a.m.7 views

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-debug-debuginfo-2.6.32 package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS6.5AI score0.0523EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.7 views

Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities of the krb5-debuginfo package in the SUSE Linux Enterprise operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS7.4AI score0.08898EPSS
Exploits3References6
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.6 views

Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities of the krb5-debuginfo-x86 package of the SUSE Linux Enterprise operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS7.4AI score0.08898EPSS
Exploits3References6
Rows per page
Query Builder