
20 matches found

Nuclei
added yesterday, 17 views

Joomla! Agora 3.0.0b - Local File Inclusion

Joomla! Agora 3.0.0b com_agora allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. id: CVE-2009-3053 info: name: Joomla! Agora 3.0.0b - Local File Inclusion author: daffainfo severit...

CVSS 6.8, AI score 6.1, EPSS 0.01557
Exploits 1, References 5
Vulnrichment
added 2025/10/03 11:17 a.m., 2 views

CVE-2025-9212 WP Dispatcher <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload

The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wp_dispatcher_process_upload function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 7.5, AI score 7.3, EPSS 0.00252
Exploits 0, References 2
Vulnrichment
added 2025/05/29 9:7 a.m., 7 views

CVE-2025-27151 redis-check-aof may lead to stack overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allo...

CVSS 4.7, AI score 7.9, EPSS 0.00269
Exploits 0, References 3
OpenVAS
added 2025/05/26 12:0 a.m., 11 views

Fedora: Security Advisory (FEDORA-2024-e717420659)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 5.3, EPSS 0.56313
Exploits 1, References 2
OpenVAS
added 2024/10/16 12:0 a.m., 18 views

Fedora: Security Advisory (FEDORA-2024-83e96146cf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 5.3, EPSS 0.56313
Exploits 1, References 2
UbuntuCve
added 2024/07/01 12:0 a.m., 344 views

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVSS 8.1, AI score 7, EPSS 0.63835
Exploits 68, References 4
Cvelist
added 2024/03/11 4:35 p.m., 15 views

CVE-2024-0039

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 7.8, EPSS 0.19637
Exploits 1, References 4
Prion
added 2023/06/30 4:15 p.m., 19 views

Server side request forgery (ssrf)

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model...

CVSS 7.5, AI score 9.8, EPSS 0.05212
Exploits 0, References 1, Affected Software 38
Cvelist
added 2022/07/19 8:15 p.m., 207 views

CVE-2022-31144 Potential heap overflow in Redis

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

CVSS 7, AI score 9.1, EPSS 0.20625
Exploits 0, References 4
OpenVAS
added 2022/01/28 12:0 a.m., 36 views

Mageia: Security Advisory (MGASA-2015-0169)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.1, EPSS 0.38958
Exploits 3, References 4
Tenable Nessus
added 2021/02/16 12:0 a.m., 49 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349)...

CVSS 9.8, AI score 7.6, EPSS 0.07157
Exploits 12, References 98
Tenable Nessus
added 2021/02/12 12:0 a.m., 48 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers with access to the nbd device via an I/O request (bnc#1181504)...

CVSS 9.8, AI score 7.8, EPSS 0.07157
Exploits 14, References 106
NVD
added 2019/01/15 9:29 p.m., 14 views

CVE-2019-0006

A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to...

CVSS 9.8, AI score 9.8, EPSS 0.05923
Exploits 0, References 2
NVD
added 2017/07/21 10:29 p.m., 9 views

CVE-2017-7480

rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution...

CVSS 9.8, AI score 9.8, EPSS 0.02141
Exploits 0, References 2
Cvelist
added 2017/04/20 6:0 p.m., 21 views

CVE-2017-2784

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to ...

CVSS 8.1, AI score 8.2, EPSS 0.00686
Exploits 2, References 3
Exploit DB
added 2017/03/20 12:0 a.m., 41 views

Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1023 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!AssignGlyphTypes function, while trying to display text using a corrupted font file: --- 58d0.5ae4: Access violation - code c0000005 first...

AI score 7.4
Exploits 0
Tenable Nessus
added 2014/03/17 12:0 a.m., 24 views

FreeBSD : mutt -- denial of service, potential remote code execution (eb426e82-ab68-11e3-9d09-000c2980a9f3)

Beatrice Torracca and Evgeni Golov report : A buffer overflow has been discovered that could result in denial of service or potential execution of arbitrary code. This condition can be triggered by malformed RFC2047 header lines...

CVSS 5, AI score 5.8, EPSS 0.01816
Exploits 1, References 3
Tenable Nessus
added 2010/12/23 12:0 a.m., 23 views

FreeBSD : tor -- remote crash and potential remote code execution (4bd33bc5-0cd6-11e0-bfa4-001676740879)

The Tor Project reports : Remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade...

CVSS 10, AI score 5.5, EPSS 0.12368
Exploits 0, References 7
OSV
added 2009/03/23 12:0 a.m., 14 views

DSA-1752-1 webcit - potential remote code execution

Bulletin has no description...

CVSS 7.5, AI score 6.1, EPSS 0.01625
Exploits 1
securityvulns
added 2007/10/26 12:0 a.m., 31 views

RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption

RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption by Piotr Bania [email protected] http://www.piotrbania.com Original url and formatting: http://www.piotrbania.com/all/adv/realplayer-heap-corruption-adv.txt Severity: Important/Critical - Potencial remote code executio...

AI score 0.6
Exploits 0