93 matches found

Prion
added 2018/04/13 4:29 p.m. | 8 views

Code injection

playsservice.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined local or SMB path as SYSTEM when the executeinstaller parameter is used in an HTTP message. This occurs without properly...

CVSS 10 | AI score 9.4 | EPSS 0.42795
Exploits 3 | References 3 | Affected Software 1

Prion
added 2018/04/13 4:29 p.m. | 9 views

Design/Logic Flaw

playsservice.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extractfiles...

CVSS 9.4 | AI score 9 | EPSS 0.00493
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2017/11/09 12:0 a.m. | 4 views

Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-34414)

Huawei DP300, RP200, TE series and TX50 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A buffer overflow vulnerability exists in several Huawei products, which is caused by the device failing to adequately validate parameters in the...

CVSS 5.3 | AI score 7.2 | EPSS 0.00266
Exploits 0 | References 1

CNVD
added 2017/11/09 12:0 a.m. | 1 views

Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-34415)

Huawei DP300, RP200, TE series and TX50 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A buffer overflow vulnerability exists in several Huawei products, which is caused by the device failing to adequately validate parameters in the...

CVSS 5.3 | AI score 7.2 | EPSS 0.00266
Exploits 0 | References 1

NVD
added 2016/04/19 9:59 p.m. | 13 views

CVE-2016-2390

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message...

CVSS 5.9 | AI score 5.5 | EPSS 0.21283
Exploits 0 | References 7

Prion
added 2016/04/19 9:59 p.m. | 14 views

Design/Logic Flaw

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message...

CVSS 4.3 | AI score 6.9 | EPSS 0.21283
Exploits 0 | References 7 | Affected Software 1

Debian CVE
added 2016/04/19 9:0 p.m. | 18 views

CVE-2016-2390

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message...

CVSS 5.9 | AI score 5.8 | EPSS 0.21283
Exploits 0

NVD
added 2014/01/11 4:44 a.m. | 16 views

CVE-2014-0618

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash)...

CVSS 7.8 | AI score 6.6 | EPSS 0.00462
Exploits 0 | References 5

Prion
added 2014/01/11 4:44 a.m. | 20 views

Input validation

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash)...

CVSS 7.8 | AI score 7.1 | EPSS 0.00462
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2014/01/11 2:0 a.m. | 20 views

CVE-2014-0618

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash)...

AI score 6.6 | EPSS 0.00462
Exploits 0 | References 5

myhack58
added 2010/09/14 12:0 a.m. | 22 views

ECShop latest path-exposure 0day - vulnerability warning - the black bar safety net

Brief description: in /affiche.php, a PHP 5 environment exposes the program path through an error, while a PHP 4 environment displays the written information. Detailed description: the charset parameter is not rigorously filtered, which results in a truncated write to the HTTP message header. Proof of vulnerability:...

AI score 0.2
Exploits 0

OSV
added 2009/02/08 10:30 p.m. | 1 views

DEBIAN-CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c...

CVSS 5 | AI score 6.4 | EPSS 0.77052
Exploits 8 | References 1

Tenable Nessus
added 2009/01/19 12:0 a.m. | 19 views

GLSA-200901-12 : noip-updater: Execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200901-12 (noip-updater: Execution of arbitrary code). xenomuta found out that the GetNextLine function in noip2.c misses a length check, leading to a stack-based buffer overflow. Impact: A remote attacker could exploit this...

CVSS 7.6 | AI score 6.3 | EPSS 0.15771
Exploits 1 | References 2