UBUNTU-CVE-2014-9843

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors...

phpyun v3.2 (20141222) 无需登录无视过滤注入一枚。

简要描述： 无需登录。 最新版本。 demo测试。 功能越多 bug越多 bug越多 rank越多。 详细说明： 在model/subscribe.class.php中 function certaction if$GET'id' $arr=@explode"|",base64decode$GET'id';//当时我就震惊了。。。 $email = $arr0; $code = $arr1; $nid=$this-obj-DBupdateall"subscribe","status='1'","email='".$email."' and code='".$code."'";...

jasper: heap overflow in jp2_decode() (oCERT-2014-012)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...

DEBIAN-CVE-2014-1569

The definitelengthdecoder function in lib/util/quickder.c in Mozilla Network Security Services NSS before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long...

UBUNTU-CVE-2014-8562

DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service out-of-bounds read...

[SECURITY] Fedora 20 Update: libkdcraw-4.14.1-1.fc20

Libkdcraw is a C++ interface around LibRaw library used to decode RAW picture files. More information about LibRaw can be found at http://www.libraw.org...

Wireshark 1.10.x < 1.10.9 Multiple DoS Vulnerabilities

The installed version of Wireshark is version 1.10.x prior to 1.10.9. It is, therefore, affected by the following vulnerabilities : - A buffer underflow flaw exists in the 'dissectlog' function of the IrDA dissector, which is triggered when handling malformed packets. Using a specially crafted...

CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

Code injection

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

UBUNTU-CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

DIMIN Viewer 5.4.0 GIF Decode Crash PoC

No description provided by source. PoC: http://www.exploit-db.com/sploits/23496.tar.gz CommandLine: C:\Program Files\DIMIN\Viewer5\imgview5.exe Symbol search path is: Invalid Symbol loading may be unreliable without a symbol search path. Use .symfix to have the debugger choose a symbol path. Afte...

MS IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (1)

No description provided by source. source: http://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before...

Microsoft IIS/PWS CGI Filename Double Decode Command Execution

No description provided by source. $Id: ms01026dbldecode.rb 11513 2011-01-08 00:25:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

Microsoft Outlook 5.5/2000 Web Access HTML Attachment Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to...

Ethereal 0.8.4/0.8.5/0.8.6,tcpdump 3.4/3.5 alpha DNS Decode Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/1165/info A vulnerability exists in the DNS decode capabilities provided as part of the tcpdump sniffer, from LBL, as well as other sniffers, including Ethereal, by Gerald Combs. These sniffers will attempt to decode DNS...

Virtual Store Open 3.0 Acess SQL Injection

No description provided by source. !/usr/bin/perl Script Name: Virtual Store Open = 3.0 Link1 : http://www.virtuastore.com.br/shopping.asp?link=ShoppingVirtuaStore Link2 : http://www.virtuastore2010.com.br/ Link3 Yahoo Group : http://br.groups.yahoo.com/group/virtuastore/ Bug: Acess Sql Injection...

CVE-2014-4616

Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function...