CVE-2015-6836

The SoapClient call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serializefunctioncall...

CVE-2006-2916

A vulnerability was found in artswrapper in aRts. When running a setuid root, it does not check the return value of the setuid function call. This flaw allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. Mitigation Mitigation for th...

SUSE: Security Advisory for kernel (SUSE-SU-2014:1138-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-6704

The animations property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive...

Design/Logic Flaw

The Function call implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API...

RPC function call failed. Function name: [GetSvcVersion]

Challenge Veeam Backup & Replication fails to communicate with the Veeam Installer Service service on a managed remote machine with the error: Error: The RPC server is unavailable. RPC function call failed. Function name: GetSvcVersion. Target machine: remotemachine.domain.tld:6160. This article ...

PHP 'serialize_function_call()' function remote code execution vulnerability

PHP an open source general-purpose computer scripting language. A security vulnerability in the PHP 'serializefunctioncall' function allows remote attackers to submit a special request, execute arbitrary code, or conduct a denial-of-service attack...

PHP 5.6.x < 5.6.12 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.12. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in file spldllist.c due to improper sanitization of input to the unserialize function. An attacker can...

Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1735)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a function call being made through an uninitialized object. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affected versio...

Hive 2.0 RC2 XSS / Code Execution / SQL Injection

| Title : Hive v2.0 RC2 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : "Powered by DigitalHive" | Tested on: windows 8.1 Français V.Pro | Bug : Stop Script | Download : http:///www.digitalhive.com ======================================= Stop SCript working :...

SAP NetWeaver RFC SDK Information Disclosure Vulnerability

SAP NetWeaver is a business suite of solutions that provides a development and runtime environment for SAP applications. the RFC SDK is one of the software development kits used to build C++ function-controlled RFC communications on an external client. An information disclosure vulnerability exis...

Design/Logic Flaw

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function...

From zero to start to learn the Win32 platform buffer overflow（Part1）-bug warning-the black bar safety net

Buffer overflow is a common and we often heard of software security vulnerabilities, buffer overflow, i.e. that the data is too much to write into the memory or buffer, when a buffer within the write data is full, if you continue to write data, the data will overflow into other buffer, it will...

sqlite -- multiple vulnerabilities

NVD reports: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, a...

Free-MP3-CD-Ripper-1.1-DEP

Exploit Title: Free MP3 CD Ripper 1.1 Universal DEP Bypass Exploit Date: 27\08\2011 Author: C4SS!0 G0M3S Software Link: http://www.brothersoft.com/free-mp3-cd-ripper-84543.html Version: 1.1 from struct import pack from time import sleep import os from sys import exit print ''' Created By C4SS!0...

Lua buffer overflow

Buffer overflow on function call with large number of arguments...

ActivePerl 5.x,Cygwin 1.5.x System Function Call Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10375/info ActiveState Perl and Perl for cygwin are both reported to be prone to a buffer overflow vulnerability. The issue is reported to exist due to a lack of sufficient bounds checking that is performed on data that i...

ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities

Overview ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web ParameterIt has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by server failing to...

CVE-2013-2908

Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 aka No Content status code...

Debian Security Advisory DSA 2765-1 (davfs2 - privilege escalation)

Davfs2, a filesystem client for WebDAV, calls the function system insecurely while is setuid root. This might allow a privilege escalation. OpenVAS Vulnerability Test $Id: deb2765.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2765-1 using nvtgen 1.0 Script version: 1....