shopify-scripts: Interger overflow in str_substr leading to read/write out of bound memory

Failed check len & beg in strsubstr when call mrbstrarefm by String. This can lead to read/write into invalid memory which may be memory corruption or RCE. this snippet causes a crash in mrubyi can't check mruby-engine by error undefined symbol rbutf8strnew : $b="B"2048 $expand=$b0x40,0x7fffffff...

Error message discloses existence of file in write-only share (NC-SA-2017-003)

Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages...

Denial Of Service (DoS)

FFMpeg is vulnerable to denial of service DoS attacks and possibly other attacks. These attacks are possibly because tiff.c does not validate the bits-per-pixel fields which allows attackers to cause an out-of-bounds access error through TIFF data...

CVE-2016-6059

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources...

CVE-2017-5601

An error in the lhareadfileheader1 function archivereadsupportformatlha.c in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive...

CVE-2017-5601

An error in the lhareadfileheader1 function archivereadsupportformatlha.c in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive...

CVE-2017-5601

An error in the lhareadfileheader1 function archivereadsupportformatlha.c in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive...

Veeam Backup for Microsoft 365 1.0 Update 1 Release Notes

Challenge Veeam Backup for Microsoft 365 1.0 Update 1 Release Notes Cause Note: After installing Update 1, please install the latest update. The package contains two files: Veeam.Backup365.msi and VeeamExplorerForExchange.msi. Prior to installing this update please reboot the Veeam Backup for...

Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file

Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...

Out-of-bounds

Off-by-one error in the gsth264parsesetcaps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read...

Dell EqualLogic Group Manager throws an error "Request target not found" after successful backup

Challenge After a successful backup of VMs stored on Dell EqualLogic storage especially when the option Allow processing of multiple VMs with a single volume snapshot is enabled you may receive an error in Group Manager "iSCSI login to target 'X.X.X.X:Y' from initiator 'X:X:X:X::Z' failed for...

Cisco IOS Compliance Check: Error

Lists all errors from the Cisco IOS Compliance Policy Check. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-6859

Hybris Management Console HMC in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace...

Updated libgsf packages fix security vulnerability

An error within the "tardirectoryforfile" function gsf-infile-tar.c in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file CVE-2016-9888...

CVE-2016-9756

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

Upgrade to Veeam Backup & Replication 9.5 fails with "Unsupported SQL Version"

Upgrade to Veeam Backup & Replication 9.5 you receive the error "Unsupported SQL Version"...

Smart Guard Network Manager 6.3.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SQL Injection In Smart Guard Network Manager Api Date: 03/12/2016 Exploit Author: Rahul Raz Vendor Homepage: http://www.xsinfoways.com/ Software Name: Smart Guard Network Manager Version: 6.3.2 Tested on: Ubuntu Linux...

CVE-2016-9853

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVE-2016-9888

An error within the "tardirectoryforfile" function gsf-infile-tar.c in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file...

CVE-2016-9888

An error within the "tardirectoryforfile" function gsf-infile-tar.c in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file...