Command injection

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

PYSEC-2016-29

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

OpenVPN[v2.0.x]: foreign_option() formart string vulnerability.

[email protected]: OpenVPNv2.0.x: foreignoption format string vulnerability. 1. BACKGROUND OpenVPN is a robust and highly configurable VPN Virtual Private Network daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal...

CVE-2005-0978

Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. dot dot in a PUSH command...

CVE-2005-0978

Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. dot dot in a PUSH command...

CVE-2005-0978

The CVE-2005-0978 entry describes a directory traversal flaw in the IVT BlueSoleil 1.4 Object Push service, exploitable by sending a PUSH command containing .. to upload arbitrary files. Affected component: Object Push service of IVT BlueSoleil 1.4. Root cause: directory traversal in PUSH handlin...