
62 matches found

Debian CVE
added 2017/01/19 8:0 p.m. | 15 views

CVE-2016-7793

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL...

CVSS 8.8 | AI score 8.9 | EPSS 0.02051
Exploits: 0

Cent OS
added 2016/11/25 4:0 p.m. | 100 views

ntp, ntpdate, sntp security update

CentOS Errata and Security Advisory CESA-2016:2583 An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.7 | AI score 7.2 | EPSS 0.42548
Exploits: 1 | References: 7

Ubuntu
added 2016/03/29 5:10 p.m. | 109 views

USN-2943-1: PCRE vulnerabilities

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 | AI score 7.1 | EPSS 0.07915
Exploits: 11

RedHat Linux
added 2016/01/21 11:39 a.m. | 0 views

OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)

Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...

CVSS 5.8 | AI score 7.2 | EPSS 0.02398
Exploits: 0 | References: 5

Cvelist
added 2015/10/25 1:0 a.m. | 12 views

CVE-2015-1002

IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string...

AI score 6.6 | EPSS 0.00595
Exploits: 0 | References: 1

NVD
added 2015/02/26 3:59 p.m. | 6 views

CVE-2015-2089

Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS)...

CVSS 6.8 | AI score 6.6 | EPSS 0.00095
Exploits: 1 | References: 2

exploitpack
added 2014/12/29 12:0 a.m. | 13 views

Bash-CMD-Injection

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment. Modified by JSacco - [email protected] Exploit Pack 2014 How to run: checkCVE20146271.py...

AI score 1.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 53 views

Java Applet AverageRangeStatisticImpl Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

CVSS 10 | AI score 0.2 | EPSS 0.91441
Exploits: 18

Cvelist
added 2014/02/06 4:0 p.m. | 25 views

CVE-2010-4226

cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive...

AI score 8.1 | EPSS 0.00432
Exploits: 0 | References: 4

RedHat Linux
added 2013/10/22 5:13 p.m. | 4 views

OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING...

CVSS 4.3 | AI score 6.8 | EPSS 0.01835
Exploits: 0 | References: 5

UbuntuCve
added 2012/09/25 10:55 p.m. | 19 views

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification Trojan Horse in serversync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVSS 7.5 | AI score 6.2 | EPSS 0.8794
Exploits: 3 | References: 4

Cvelist
added 2012/02/21 12:0 a.m. | 9 views

CVE-2012-1223

RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack...

AI score 6.6 | EPSS 0.00319
Exploits: 1 | References: 4

Cvelist
added 2011/12/16 7:0 p.m. | 14 views

CVE-2011-3834

Multiple integer overflows in the inavi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow...

AI score 7.6 | EPSS 0.04971
Exploits: 2 | References: 4

UbuntuCve
added 2010/07/02 12:0 a.m. | 29 views

CVE-2010-2595

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to...

CVSS 4.3 | AI score 5.9 | EPSS 0.01751
Exploits: 1 | References: 2

UbuntuCve
added 2010/01/04 9:30 p.m. | 41 views

CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...

CVSS 7.5 | AI score 6 | EPSS 0.00771
Exploits: 1 | References: 2

NVD
added 2009/01/06 5:30 p.m. | 12 views

CVE-2008-5863

SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a getuser action...

CVSS 7.5 | AI score 8.3 | EPSS 0.00414
Exploits: 1 | References: 4

NVD
added 2008/03/31 11:44 p.m. | 8 views

CVE-2008-1591

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magicquotesruntime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENTIP...

CVSS 7.5 | AI score 8.4 | EPSS 0.00462
Exploits: 1 | References: 3

Cvelist
added 2008/01/09 12:0 a.m. | 25 views

CVE-2008-0149

TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...

AI score 5.2 | EPSS 0.0717
Exploits: 1 | References: 2

seebug.org
added 2007/01/14 12:0 a.m. | 34 views

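GeoIP GeoIPUpdate.C Directory Traversal Vulnerability

GeoIP is an application used to identify the country of a website's visitors. GeoIP does not correctly handle user-submitted requests, and a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the process. The problem is caused by a lack of filtering of the data submitted to 'updategetfilename'; submitting parameter data containing multiple "../" sequences bypasses the WEB ROOT restriction and allows arbitrary commands to be executed with the privileges of the application process. Maxmind geopip 0 MandrakeSoft Corporate Server 4.0 x8664 MandrakeSoft Corporate Server 4.0 No solution is currently available: http://www.maxmind.com/app/locate...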

AI score 7.1
Exploits: 0

securityvulns
added 2006/03/22 12:0 a.m. | 49 views

1WebCalendar v 4.x vuln.

1WebCalendar v 4.x vuln. Vuln. discovered by : r0t Date: 22 march 2006 vendor:www.bensonitsolutions.com/calendar/v4/ affected version: v4.0 and prior original advisory: http://pridels.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html Vuln.desc. 1WebCalendar contains a flaw that allows a remote sql...

AI score 1
Exploits: 0