345 matches found
CVE-2017-10925
IrfanView 4.44 32bit with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at...
PlaySMs Remote Code Execution Vulnerability (CNVD-2017-10344)
PlaySMS is an open source WEB SMS platform. A remote code execution vulnerability exists in PlaySms. The vulnerability stems from the address book calling a function in import.php. An attacker can exploit the vulnerability to execute malicious code...
INTELLITAMPER . map code execution vulnerability, CVE-2008-5755-a vulnerability warning-the black bar safety net
Author: k0shl reprint please indicate the source: http://whereisk0shl.top Vulnerability description Software download: https://www.exploit-db.com/apps/91891f4b53d5e61e66061454ab87ccc7-intellitamperv2.07.exe PoC: import sys maptheader = "\x23\x23\x23\x20\x53\x49\x54\x45\x4D"...
Apple GarageBand Out of Bounds Write Code Execution Vulnerability
Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple’s GarageBand version 10.1.4. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means to...
Buffer Overflow
ImageMagick is vulnerable to a buffer overflow. The library makes an incorrect function call when attempting to locate the next token, leading to a buffer overflow or a system crash...
Firefox 50.0.2 after the release reuse vulnerability analysis CVE-2016-9899-a vulnerability warning-the black bar safety net
Author: k0shl reprint please indicate the source author blog:http://whereisk0shl. top Preface Small year has passed, New Year rhythm, give you worship a early years, a Happy New Year! Haven't come across such after the release reuse vulnerability, which vulnerability causes is a very classic...
Microsoft Internet Explorer jscript9 - JavaScriptStackWalker Memory Corruption (MS15-056)
Exploit for windows platform in category dos / poc var oWindow = window.open"about:blank"; oWindow.execScript'window.oURIError = new URIError;oURIError.name = oURIError;' try "" + oWindow.oURIError; catche try "" + oWindow.oURIError; catche Description A Javascript can construct an...
CVE-2016-7437
SAP Netweaver 7.40 improperly logs 1 DUI and 2 DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...
CVE-2016-4711
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output...
CVE-2016-4564
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified...
CVE-2015-6836
The SoapClient call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serializefunctioncall...
CVE-2006-2916
A vulnerability was found in artswrapper in aRts. When running a setuid root, it does not check the return value of the setuid function call. This flaw allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. Mitigation Mitigation for th...
SUSE: Security Advisory for kernel (SUSE-SU-2014:1138-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-6704
The animations property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive...
Design/Logic Flaw
The Function call implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API...
RPC function call failed. Function name: [GetSvcVersion]
Challenge Veeam Backup & Replication fails to communicate with the Veeam Installer Service service on a managed remote machine with the error: Error: The RPC server is unavailable. RPC function call failed. Function name: GetSvcVersion. Target machine: remotemachine.domain.tld:6160. This article ...
PHP 'serialize_function_call()' function remote code execution vulnerability
PHP an open source general-purpose computer scripting language. A security vulnerability in the PHP 'serializefunctioncall' function allows remote attackers to submit a special request, execute arbitrary code, or conduct a denial-of-service attack...
PHP 5.6.x < 5.6.12 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.12. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in file spldllist.c due to improper sanitization of input to the unserialize function. An attacker can...
Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1735)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a function call being made through an uninitialized object. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affected versio...
Hive 2.0 RC2 XSS / Code Execution / SQL Injection
| Title : Hive v2.0 RC2 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : "Powered by DigitalHive" | Tested on: windows 8.1 Français V.Pro | Bug : Stop Script | Download : http:///www.digitalhive.com ======================================= Stop SCript working :...