Lucene search

2646 matches found

Prion
added 2019/08/02 2:15 p.m. | 22 views

Code injection

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302)...

4.6 CVSS | 7.8 AI score | 0.00426 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2019/08/02 1:53 p.m. | 44 views

CVE-2017-18415

CVE-2017-18415 affects cPanel prior to 67.9999.103. The issue is an incorrect environment-variable filtering vulnerability that allows code execution in the context of the mailman account (SEC-302). Root cause: improper handling of environment variables in the affected code path. Impact per refer...

7.8 CVSS | 7.8 AI score | 0.00426 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2019/08/02 1:53 p.m. | 14 views

CVE-2017-18415

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302)...

7.9 AI score | 0.00426 EPSS
Exploits 0 | References 1

NVD
added 2019/07/15 1:15 p.m. | 15 views

CVE-2019-1010038

OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable...

9.8 CVSS | 9.7 AI score | 0.0254 EPSS
Exploits 1 | References 1

OSV
added 2019/07/15 1:15 p.m. | 12 views

CVE-2019-1010038

OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable...

9.8 CVSS | 7.5 AI score
Exploits 0 | References 1

Prion
added 2019/07/15 1:15 p.m. | 9 views

Buffer overflow

OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable...

7.5 CVSS | 9.6 AI score | 0.0254 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/07/15 12:50 p.m. | 15 views

CVE-2019-1010038

OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable...

9.7 AI score | 0.0254 EPSS
Exploits 1 | References 1

Prion
added 2019/07/11 8:15 p.m. | 12 views

Design/Logic Flaw

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher binary is setuid root. This program is called during the connection process and executes...

7.2 CVSS | 7.7 AI score | 0.00861 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/07/11 7:34 p.m. | 20 views

CVE-2019-12576

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher binary is setuid root. This program is called during the connection process and executes...

7.7 AI score | 0.00861 EPSS
Exploits 1 | References 1

BDU FSTEC
added 2019/07/08 12:0 a.m. | 2 views

The vulnerability of the executable file Acrunnt.exe of the information security protection tool Akord-Win64 allows an intruder to execute arbitrary code.

The vulnerability of the Acrunnt.exe executable of the information protection tool Akord-Win64 relates to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows a perpetrator to execute arbitrary code using a specially crafted DLL library, by placing it a...

6.3 CVSS | 6 AI score
Exploits 0 | Affected Software 1

NVD
added 2019/06/28 2:15 p.m. | 15 views

CVE-2019-12997

In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable)...

9 CVSS | 9 AI score | 0.02077 EPSS
Exploits 1 | References 1

CVE
added 2019/06/28 10:28 a.m. | 63 views

CVE-2019-12997

CVE-2019-12997 affects Loopchain up to version 2.2.1.3. The issue is a privilege-escalation via environment manipulation, specifically injection in the DEFAULT_SCORE_HOST environment variable, enabling a low-privilege shell user to escalate privileges. The vulnerability is described with high-sev...

9 CVSS | 8.9 AI score | 0.02077 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/06/28 10:28 a.m. | 19 views

CVE-2019-12997

In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable)...

9 AI score | 0.02077 EPSS
Exploits 1 | References 1

Palo Alto Networks
added 2019/06/27 11:50 p.m. | 200 views

Cross Site Scripting (XSS) in MineMeld

A reflected cross-site scripting (XSS) vulnerability exists in Palo Alto Networks MineMeld. (Ref: CVE-2019-1578) A remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. This issue...

2.8 AI score | 0.01068 EPSS
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2019/06/24 12:0 a.m. | 32 views

Ubuntu 16.04 LTS : web2py vulnerabilities (USN-4030-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4030-1 advisory. It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform...

9.8 CVSS | 7.9 AI score | 0.0499 EPSS
Exploits 4 | References 6

NVD
added 2019/06/23 11:15 p.m. | 18 views

CVE-2019-12937

apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable...

7.8 CVSS | 8 AI score | 0.00504 EPSS
Exploits 1 | References 1

Prion
added 2019/06/23 11:15 p.m. | 19 views

Buffer overflow

apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable...

7.2 CVSS | 8 AI score | 0.00504 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/06/23 10:54 p.m. | 20 views

CVE-2019-12937

apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable...

8 AI score | 0.00504 EPSS
Exploits 1 | References 1

UbuntuCve
added 2019/06/18 6:15 p.m. | 27 views

CVE-2012-6711

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, ma...

7.8 CVSS | 7.4 AI score | 0.00491 EPSS
Exploits 0 | References 2

CVE
added 2019/06/18 5:34 p.m. | 233 views

CVE-2012-6711

CVE-2012-6711 describes a heap-based buffer overflow in GNU Bash prior to 4.3. When wide characters not supported by the current LC_CTYPE locale are printed via the echo builtin, ansicstr() mishandles u32cconv() in lib/sh/strtrans.c, potentially allowing a local attacker to crash a script or exec...

7.8 CVSS | 7.6 AI score | 0.00491 EPSS
Exploits 0 | References 6 | Affected Software 1