14 matches found
EUVD-2007-0349
Malware in sbrugna...
EUVD-2020-0422
Malware in sbrugna...
SUSE CVE-2012-3464
Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...
Dart 安全漏洞
Dart is an open source programming language. A security vulnerability exists in Dart versions prior to 2.18 and prior to 3.30 that stems from the use of RFC 3986 syntax for its Dart URI class, which results in an incompatibility with the "" character in the uri, which could lead to bypassing...
CVE-2017-5932
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...
GNU / Bash v4.4 autocompletion Code Execution Vulnerability
Exploit for linux platform in category local exploits GNU Bash code execution vulnerability in path completion Jens Heyens, Ben Stock January 2017 1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be...
CVE-2015-6790
Removed by vendor...
CVE-2015-6790
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...
Out-of-bounds
The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly have other unspecified impact via a cookie path containing only a double-quote...
CVE-2015-3145
The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly have other unspecified impact via a cookie path containing only a double-quote...
Directory traversal
kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " double quote character in the directory name, a different vulnerability than CVE-2014-2528...
Joomla! reset.php Reset Token Validation Forgery
The version of Joomla! running on the remote host is affected by a password reset vulnerability in components/comuser/models/reset.php script due to improper validation of user-supplied input to the 'token' parameter before using it to construct database queries in the confirmReset function. An...
tomcat handling of cookie values
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...
CVE-2005-2933
Buffer overflow in the mailvalidnetparsework function in mail.c for Washington's IMAP Server UW-IMAP before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote " character without a closing quote, which causes bytes after the double-quo...