Lucene search
K

37 matches found

OSV
OSV
added 2025/09/23 1:15 a.m.3 views

UBUNTU-CVE-2025-10824

A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...

5.3CVSS5.3AI score0.00133EPSS
Exploits0References7
OSV
OSV
added 2025/09/23 12:2 a.m.4 views

CVE-2025-10824 axboe fio init.c __parse_jobs_ini use after free

A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...

4.8CVSS5.5AI score0.00133EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/08/29 8:52 a.m.5 views

Malicious code in invokehttp (PyPI)

The init.py contains a call to execute a Base64-encoded script to download a second stage payload. --- -= Per source details. Do not edit below this line.=- Source: kam193 e3374942a3d2de4ea1f9444223c351c0ef5356c571a08e8ddb62144f7564def0 In the invokehttp, the init.py contains obfuscated code...

7.5AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.4 views

SUSE CVE-2013-6441

The lxc-sshd template templates/lxc-sshd.in in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file...

7.2CVSS7AI score0.00498EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2021/07/16 12:0 a.m.7 views

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot which allows local users to gain privileges via a symlink attack in an image.

...

7.2CVSS7AI score0.00609EPSS
Exploits0
CNVD
CNVD
added 2021/01/14 12:0 a.m.2 views

Quest Policy Authority For Unified Communications Cross-Site Scripting Vulnerability

Quest Policy Authority For Unified Communications is a software from Quest, Inc. that is used in corporate environments to consolidate communication data between various media text and instant messaging, video conferencing, email and voicemail. A cross-site scripting vulnerability exists in Quest...

6.1CVSS6.4AI score0.01326EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/10 12:0 a.m.8 views

Quest Software Policy Authority For Unified Communications 跨站脚本漏洞

Quest Policy Authority For Unified Communications is a software from Quest, Inc. that is used in corporate environments to consolidate communication data between various media text and instant messaging, video conferencing, email and voicemail. A cross-site scripting vulnerability exists in Quest...

6.1CVSS6.3AI score0.01326EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/02/06 12:0 a.m.6 views

PT-2020-20264

Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin versions prior to 1.9.4.5 Description: The InfiniteWP Client plugin for WordPress has a missing authorization check in the iwp mmb set request function within the init.php file. An attacker who knows an administrator'...

9.8CVSS8.8AI score0.8787EPSS
Exploits2References5
CNVD
CNVD
added 2018/03/27 12:0 a.m.5 views

Bitmessage PyBitmessage Code Execution Vulnerability

Bitmessage PyBitmessage is a cryptographic decentralized communication protocol. Bitmessage PyBitmessage version 0.6.2 and commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 and later have a vulnerability in the src/messagetypes/init.py file's ' constructObject' function has a security vulnerability...

8.8CVSS7.5AI score0.02441EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/08 12:0 a.m.4 views

WordPress Loginizer Cross-Site Request Forgery Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability in the Blacklist and Whitelist IP Wizard in the WordPress Loginizer init.php file...

8.8CVSS8.5AI score0.00714EPSS
Exploits1References1
OSV
OSV
added 2017/03/18 8:59 p.m.2 views

DEBIAN-CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...

8.8CVSS9.3AI score0.04036EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

GNU Emacs 22.1 Local Variable Handling Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26327/info Emacs is prone to a vulnerability that lets attackers execute arbitrary code. Due to a design error, the application ignores certain security settings and modifies local variables. By supplying a malicious file...

7.1AI score
Exploits0
OSV
OSV
added 2014/02/14 3:55 p.m.2 views

DEBIAN-CVE-2013-6441

The lxc-sshd template templates/lxc-sshd.in in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file...

7.2CVSS6.9AI score0.00498EPSS
Exploits1References1
Cvelist
Cvelist
added 2014/02/14 3:0 p.m.21 views

CVE-2013-6441

The lxc-sshd template templates/lxc-sshd.in in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file...

6.1AI score0.00498EPSS
Exploits1References4
rdot
rdot
added 2012/03/04 12:0 a.m.19 views

Выполнение подзапросов и команд ОС в инъекциях SELECT под MySQL

We would like to open our blog notes on the practical implementation of the SQL-injections. And also we try to focus more attention on the practical aspects of web application security in the future. SQL injections are the most common server-side Web application vulnerabilities and meet almost...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2010/05/31 12:0 a.m.17 views

QuickTalk 1.2 - Source Code Disclosure

QuickTalk 1.2 - Source Code Disclosure ======================================================================= QuickTalk v1.2 Source code disclosure Multiple Vulnerabilities =======================================================================...

7.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2007/10/01 12:0 a.m.4 views

PT-2007-6258 · Unknown · Myipacng-Stats

Name of the Vulnerable Software and Affected Versions: myIpacNG-stats MINGS version 0.05 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the MINGS BASE parameter. This is a remote file inclusion vulnerability in the init.php file. Note that this issue is...

6.8CVSS7.9AI score0.01115EPSS
Exploits0References4
Rows per page
Query Builder