105 matches found
PT-2021-6810 · Videolan +3 · Vlc Media Player +3
Name of the Vulnerable Software and Affected Versions: VLC Media Player version 3.0.11. Description: The issue is related to a NULL-pointer dereference in the Open function within the avi.c file of the VLC Media Player. This can cause a denial of service (DoS) in the application, allowing a remote...
CVE-2017-1000418
The WildMidiOpen function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file...
CVE-2018-20540
There is a memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1...
libLAS Memory Disclosure Vulnerability
libLAS is a C/C++ library for reading and writing the common LAS LiDAR format. A memory leak vulnerability exists in libLAS 1.8.1 in liblas::Open (liblas/liblas.hpp). No details of the vulnerability are provided at this time...
thor ruby gem command injection vulnerability
The thor ruby gem is a toolkit for building command-line applications. A command injection vulnerability exists in the thor ruby gem, which stems from the use of the open-uri 'open' function in Thor::Actions#get. An attacker could exploit this vulnerability to execute system commands...
UBUNTU-CVE-2017-1000418
The WildMidiOpen function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file...
UBUNTU-CVE-2017-11697
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file...
PT-2017-11931 · Xiph.Org +2 · Vorbis-Tools +2
Name of the Vulnerable Software and Affected Versions: vorbis-tools version 1.4.0. Description: The issue allows remote attackers to cause a denial of service, specifically a memory allocation error, by using a crafted wav file. This is related to the wav_open function in oggenc/audio.c...
USN-2825-1: Oxide vulnerabilities
Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the...
CVE-2015-6782
The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...
CVE-2015-6782
CVE-2015-6782 affects Google Chrome/Chromium up to version 47.0.2526.73, where Document::open in WebKit's DOM handling fails to align page-dismissal with modal-dialog blocking. This enables remote attackers to spoof Omnibox content via a crafted website. Connected sources confirm the vulnerabilit...
UBUNTU-CVE-2015-6782
The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...
Bugzilla < 4.0.16 / 4.1.1 < 4.2.12 / 4.3 < 4.4.7 / 4.5 < 4.5.6 Command Injection
Bugzilla < 4.0.16 / 4.2.12 / 4.4.7 / 5.0rc1 Multiple Vulnerabilities
According to its banner, the version of Bugzilla running on the remote host is potentially affected by the following vulnerabilities: - A command injection vulnerability exists due to a failure to properly utilize the 3 arguments form for open. This allows an authenticated, remote attacker with...
Updated bugzilla packages fix CVE-2014-8630
Updated bugzilla packages fix a security vulnerability: Some code in Bugzilla does not properly utilize the 3 arguments form for open, and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes (CVE-2014-8630)...
CVSWeb Developer CVSWeb 1.80 insecure perl "open" Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1469/info Cvsweb 1.80 makes an insecure call to the perl OPEN function, providing attackers with write access to a cvs repository the ability to execute arbitrary commands on the host machine. The code that is being...
Dispair 0.1/0.2 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5392/info Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the...
Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2102/info A vulnerability exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. An insecurely-structured call to the open function leads to a failure to properly filte...
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...