1165 matches found
Path Traversal in Action View
File Content Disclosure in Action View. Impact: There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. Th...
Directory Traversal And Information Disclosure
actionview gem is vulnerable to directory traversal and information disclosure. This vulnerability affects applications which pass user input directly into the 'render' method in an action view controller without verification. Using this vulnerability, attackers can render files from outside the...
DEBIAN-CVE-2019-6247
An issue was discovered in Anti-Grain Geometry AGG 2.4 as used in SVG++ aka svgpp 1.2.3. A heap-based buffer overflow bug in svgppaggrender may lead to code execution. In the renderscanlinesaasolid function, the blendhline function is called repeatedly multiple times. blendhline is equivalent to ...
UBUNTU-CVE-2019-6247
An issue was discovered in Anti-Grain Geometry AGG 2.4 as used in SVG++ aka svgpp 1.2.3. A heap-based buffer overflow bug in svgppaggrender may lead to code execution. In the renderscanlinesaasolid function, the blendhline function is called repeatedly multiple times. blendhline is equivalent to ...
CVE-2018-19421
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...
CVE-2018-18966
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer renders HTML elements in a .eml file...
CVE-2018-17069
An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay...
freetype2/cff-render: Heap-buffer-overflow in tt_face_palette_set
Detailed report: https://oss-fuzz.com/testcase?key=5278718313365504 Project: freetype2 Fuzzer: aflfreetype2cff-render Fuzz target binary: cff-render Job Type: aflasanfreetype2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x61f0000028d8 Crash State: ttfacepaletteset...
Google Chrome - Swiftshader Texture Allocation Integer Overflow
There's a remotely triggerable memory corruption issue in SwiftShader that's reachable from WebGL, resulting from an integer overflow issue. In the GPU process there is validation on the sizes passed to texture creation functions to...
CVE-2017-2908
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A...
CVE-2018-10111
An issue was discovered in GEGL through 0.3.32. The renderrectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service application crash upon allocation failure...
Drupalgeddon Two.
New Drupal Vulnerability in Detail. By @aLLy. The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly-discovered breach allows any unregistered user to execute commands in the target system by means of a...
DEBIAN-CVE-2018-10111
An issue was discovered in GEGL through 0.3.32. The renderrectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service application crash upon allocation failure...
UBUNTU-CVE-2018-10111
An issue was discovered in GEGL through 0.3.32. The renderrectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service application crash upon allocation failure...
CVE-2018-8711
A local file inclusion issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The vulnerability is due to the lack of args/input validation on renderhtml before allowing it to be...
GHSA-6X77-RPQF-J6MW ejs vulnerable to DoS due to weak input validation
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in ejs.renderFile...
Pdfium - Pattern Shading Integer Overflows
This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium; I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in cpdfrenderstatus.cpp re...
Exploit for Improper Input Validation in Debian Debian_Linux
CVE-2016-2098 Action Pack in Ruby on Rails before 3.2.22.2, 4...
Cross-site Scripting (XSS)
Kibana is vulnerable to cross-site scripting (XSS) attacks. This is because the visualization title is enabled in the render function of visualizeembeddablefactory.js, which allows an attacker to inject and execute arbitrary web script...
xorg-x11-server denial of service vulnerability (CNVD-2018-03105)
The xorg-x11-server is an X Window System display server bundled with multiple vendor operating systems. A security vulnerability exists in the RENDER extension in xorg-x11-server versions prior to 1.19.5, which stems from a lack of length detection in the program. An attacker can exploit this...