68 matches found
CVE-2014-4420
The CVE-2014-4420 entry describes a kernel memory initialization flaw in the network-statistics interface of Apple iOS (pre-8) and Apple TV (pre-7). A crafted application could leak memory contents and layout information from the kernel, similarly to other CVEs in the bundle. The root cause is me...
CVE-2014-5163
The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...
RealNetworks RealPlayer CDDA URI Initialization Vulnerability
No description provided by source. $Id: realplayercddauri.rb 12009 2011-03-17 15:42:28Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...
Default credentials
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...
Buffer overflow
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data...
bo-blog任意变量覆盖漏洞
// go.php $qurl=$SERVER"REQUESTURI"; @list$relativePath, $rawURL=@explode'/go.php/', $qurl; $rewritedURL=$rawURL; // 来自$SERVER"REQUESTURI",可以任意提交的: ... $RewriteRules="/component/^/+/?/"; // 这个正则限制的不够细致,可以很轻易的绕过: ... $RedirectTo="page.php?pagealias=\1"; $i=0; foreach $RewriteRules as $rule if...
CVE-2009-3737
The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document...
CVE-2009-1698
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets CSS attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...