2623 matches found
CVE-2018-10581
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...
Google Chrome V8 Arrow Function Scope Fixing Bug
Chrome: V8: Arrow function scope fixing bug When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first assigns t...
Chrome V8 JIT - Arrow Function Scope Fixing Bug Exploit
Exploit for multiple platform in category dos / poc / When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first...
Chrome V8 JIT - Arrow Function Scope Fixing Bug
Chrome V8 JIT - Arrow Function Scope Fixing Bug / When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first...
Chrome V8 JIT - Arrow Function Scope Fixing Bug
/ When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first assigns the destructuring assignments to the outer...
CVE-2018-10191
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrbvmexec when handling OPGETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...
UBUNTU-CVE-2018-10191
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrbvmexec when handling OPGETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...
CVE-2014-0158
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file because of incorrect j2kdecode, j2kreadeoc, and tcddecodetile interaction, a...
Directory Traversal
crud-file-server is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
dlplibs/cdrfuzzer: Stack-use-after-scope in libcdr::CDRParser::_redirectX6Chunk
Detailed report: https://oss-fuzz.com/testcase?key=5193637206949888 Project: dlplibs Fuzzer: libFuzzerdlplibscdrfuzzer Fuzz target binary: cdrfuzzer Job Type: libfuzzerasandlplibs Platform Id: linux Crash Type: Stack-use-after-scope READ 8 Crash Address: 0x7f8e30db6bd8 Crash State:...
Netflix Opens Public Bug Bounty Program with $15K Payout Cap
Netflix expanded its bug bounty program on Wednesday opening it up to any white hat hacker and at the same time increased the top reward to $15,000. The bug bounty program, managed by Bugcrowd, now allows any registered hackers to scour Netflix vast mobile, cloud and software platform for minor a...
Directory Traversal
wenluhong11 is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
my-sn is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
zhangranbigman is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
cuiaiguang is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
ptest is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
express-blinker is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
caolilinode1 is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
willvdbtestserver is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
webkit-devtools-agent-frontend is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...