229 matches found

CNVD
added 2018/05/17 12:0 a.m., 2 views

ProjectPier PHP Remote File Inclusion Vulnerability

Project Pier is a free open source project management system. A PHP remote file inclusion vulnerability exists in the public/patch/patch.php file in Project Pier 0.8.8 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands or SQL statements with the...

CVSS 9.8, AI score 8.2, EPSS 0.01862
Exploits 2, References 1

RedHat Linux
added 2018/04/23 5:40 p.m., 3 views

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files: specifically, the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS 9.3, AI score 7.2, EPSS 0.0556
Exploits 0, References 4

RedHat Linux
added 2018/04/23 5:37 p.m., 3 views

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files: specifically, the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS 9.3, AI score 7.2, EPSS 0.0556
Exploits 0, References 4

NVD
added 2018/04/18 2:29 p.m., 20 views

CVE-2015-9175

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, ...

CVSS 10, AI score 8.5, EPSS 0.01252
Exploits 0, References 2

OSV
added 2018/04/06 1:29 p.m., 3 views

AZL-35101 CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files: specifically, the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS 7.8, AI score 7.2, EPSS 0.0556
Exploits 0, References 1

Tenable Nessus
added 2018/03/12 12:0 a.m., 26 views

Solaris 10 (x86) : 150401-13

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: CPU performance counters CPC drivers. Supported versions that are affected are 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability c...

CVSS 4.9, AI score 7.2, EPSS 0.00392
Exploits 0, References 2

OSV
added 2018/02/13 7:29 p.m., 0 views

UBUNTU-CVE-2018-6952

A double free exists in the anotherhunk function in pch.c in GNU patch through 2.7.6...

CVSS 7.5, AI score 6.7, EPSS 0.08411
Exploits 0, References 2

Prion
added 2018/02/05 4:29 p.m., 21 views

Code injection

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file...

CVSS 9.3, AI score 7.9, EPSS 0.03535
Exploits 0, References 7, Affected Software 1

NVD
added 2018/02/05 4:29 p.m., 22 views

CVE-2015-1416

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file...

CVSS 9.3, AI score 7.8, EPSS 0.03535
Exploits 0, References 7

Cvelist
added 2018/02/05 4:0 p.m., 25 views

CVE-2015-1416

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file...

AI score 8, EPSS 0.03535
Exploits 0, References 7

OSV
added 2017/11/30 9:29 a.m., 5 views

CVE-2017-12332

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

CVSS 4.4, AI score 5.9, EPSS 0.00325
Exploits 0, References 3

Openbugbounty
added 2017/10/17 3:2 p.m., 14 views

thehennesseefamily.com XSS vulnerability

Vulnerable URL: http://www.thehennesseefamily.com/browsemedia.php?mediasearch=bug=headstones=Relatives=%22%20autofocus%20onfocus=alert%60OPENBUGBOUNTY%60%20
Details:
Patched: Verification in progress
Latest check for patch: 17.11.2017
Vulnerability type: XSS...

AI score 6.3
Exploits 0

Openbugbounty
added 2017/09/22 8:12 a.m., 9 views

e-xydas.gr XSS vulnerability

Vulnerable URL: http://e-xydas.gr/search.php?q=%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E
Details:
Patched: No
Latest check for patch: 21.12.2017
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank: 3086186
VIP website status...

AI score 6.3
Exploits 0

BDU FSTEC
added 2017/09/13 12:0 a.m., 4 views

The vulnerability of the GNU Patch software tool for Unix-based operating systems, such as Ubuntu, Fedora, and the Linux distribution Mageia, allows a hacker to cause a service failure by using a specially created diff file.

The vulnerability of the GNU Patch software tool for Unix-based operating systems, such as Ubuntu, Fedora, and the Linux distribution Mageia, is related to resource management errors memory consumption. Exploiting this vulnerability allows a malicious actor to cause service failures memory...

CVSS 7.1, AI score 6.5, EPSS 0.0228
Exploits 0, References 11, Affected Software 4

OSV
added 2017/08/25 6:29 p.m., 8 views

CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...

CVSS 7.5, AI score 7.4
Exploits 0, References 20

CNVD
added 2017/04/21 12:0 a.m., 2 views

Drupal Core Privilege Bypass Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A privilege bypass vulnerability exists in Drupal Core version 8 before 8.2.8 and version 8.3 before 8.3.1. If the RESTful Web Services (rest) module is enabled, the site...

CVSS 7.5, AI score 6.8, EPSS 0.01606
Exploits 1, References 1

Openbugbounty
added 2016/12/15 9:28 a.m., 15 views

aax-eu.amazon-adsystem.com Open Redirect vulnerability

Vulnerable URL: http://aax-eu.amazon-adsystem.com/x/c/QoXnsgP62VaSse66pY7Q8fAAAAFZAc2zIgMAAAHAUE79PQ/http://openbugbounty.org
Details:
Patched: Yes, at
Vulnerability type: Open Redirect
Vulnerability status: Publicly disclosed
Alexa Rank: Unknown / Not calculated
VIP...

AI score 6.8
Exploits 0

Openbugbounty
added 2016/10/22 5:30 p.m., 10 views

teiath.gr XSS vulnerability

Vulnerable URL: http://www.teiath.gr/search.php?search="
Details:
Patched: No
Latest check for patch: 27.07.2017
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank: 87233
VIP website status: No
Check teiath.gr SSL connection: Grade: B...

AI score 6.3
Exploits 0

Openbugbounty
added 2016/08/08 7:46 a.m., 9 views

yanbu1.com Open Redirect vulnerability

Vulnerable URL: http://www.yanbu1.com/vb/redirector.php?url=http://www.openbugbounty.org
Details:
Patched: No
Latest check for patch: 27.07.2017
Vulnerability type: Open Redirect
Vulnerability status: Publicly disclosed
Alexa Rank: 322345
VIP website status: No
Che...

AI score 6.9
Exploits 0

Openbugbounty
added 2016/07/01 3:38 p.m., 13 views

horsetraildirectory.com XSS vulnerability

Vulnerable URL: http://www.horsetraildirectory.com/RiderReviews/myReviews.asp?Commentbyname=1%22--%3E%3Csvg/onload=;prompt/OPENBUGBOUNTY/;%3EDoug%[email protected]
Details:
Patched: Yes, at 19.06.2017
Latest check for patch: 19.06.2017 07:20 GMT...

AI score 6.2
Exploits 0