180 matches found
The vulnerability of the String.equals() function in the Apache Tapestry software platform allows a hacker to execute arbitrary code.
The vulnerability of the String.equals function in the Apache Tapestry software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
ALPINE-CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
VulnCheck KEV: CVE-2012-2336
sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing...
The vulnerability of the zend_string_extend function in the PHP interpreter allows a attacker to cause a service failure or exert other effects.
The vulnerability of the zendstringextend function in the PHP interpreter is related to insufficient control over modifications to object instances of the sequence type. Exploiting this vulnerability could allow a malicious actor to cause service failures or other adverse effects e.g., terminatio...
UBUNTU-CVE-2017-9115
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code...
DEBIAN-CVE-2017-9115
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code...
Combining fonts
&&&& I love the font Just Another Hand, I use it a lot in diagrams during my talks: Here it is! Yay! The thing is, I don't like the positioning of the hyphen & equals glyphs… Cache-Control: max-age=3600 They look awkwardly positioned – they sit too high. Thankfully CSS lets you merge fonts...
Web Based TimeSheet Script Authentication Bypass Vulnerability
web based timesheet is a program to monitor the work of your employees. An authentication bypass vulnerability exists in the Web Based TimeSheet script that requires the string 'or' '=' to be entered where the password is filled in, which can be exploited by an attacker to bypass authentication...
UBUNTU-CVE-2016-7966
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign = or a space into the injected HTML, which greatly reduces the available HTML functionality...
CVE-2016-3110
modcluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service Apache http server crash via an MCMP message containing a series of = equals characters after a legitimate element...
CVE-2016-3110
modcluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service Apache http server crash via an MCMP message containing a series of = equals characters after a legitimate element...
PT-2016-5371 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Web Server version 2.1 Description: The issue allows remote attackers to cause a denial of service, resulting in an Apache http server crash. This is achieved by sending an MCMP message that contains a series of = equals...
Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities (Unix)
The version of Oracle formerly Sun Java Runtime Environment JRE 6.x installed on the remote host is earlier than Update 30 and is, therefore, potentially affected by the following vulnerabilities: - A stack overflow error exists related to proxy tunnels. Bug 6670868 - An error exists related to...
php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h
sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...
php: command line arguments injection when run in CGI mode (VU#520827)
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
php: command line arguments injection when run in CGI mode (VU#520827)
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
php: command line arguments injection when run in CGI mode (VU#520827)
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
php: command line arguments injection when run in CGI mode (VU#520827)
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
DEBIAN-CVE-2006-2659
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service CPU consumption via unknown vectors involving usernames that contain the "=" equals character, which is not properly handled during encoding...
CVE-2006-2659
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service CPU consumption via unknown vectors involving usernames that contain the "=" equals character, which is not properly handled during encoding...