33 matches found
go-dns:fuzz_msg_unpack: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5674594752266240 Project: go-dns Fuzzing Engine: libFuzzer Fuzz Target: fuzz_msg_unpack Job Type: libfuzzerasango-dns Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000003ee72 Crash State: NULL Sanitizer: address (ASAN) Recommended...
CVE-2019-13301
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error...
Design/Logic Flaw
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper mounting leads to device node and executable to be run from /dsp/ which presents a potential security issue...
Security update for go1.9 (moderate)
This update for go1.9 fixes the following issues: Security issues fixed: - CVE-2018-7187: arbitrary command execution via VCS path (boo#1081495) Non-security changes: - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in jbig2_arith_decode
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5652888073273344 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdf_fuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
CVE-2014-8818
...
subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable, for example, if it had been moved...
CVE-2010-5003
The CVE-2010-5003 entry concerns an SQL injection in the AutarTimonial component (com_autartimonial) version 1.0.8 for Joomla!. The vulnerability is triggered via the limit parameter in an autartimonial action to index.php, allowing remote attackers to execute arbitrary SQL commands. The affected...
Mollify 1.8.0.1 Cross Site Scripting
Software: Mollify 1.8.0.1 Vulnerability: Reflected Cross-site Scripting Threat Level: Low 1/5 Download: http://www.mollify.org/ Discovery Date: 5/19/2011 Tested...
Unfixed XSS vulnerability at www.gruppotoscano.it
Security researcher Langy submitted on 21/02/2011 a cross-site scripting (XSS) vulnerability affecting www.gruppotoscano.it, which at the time of submission ranked 167859 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is...
[email protected]
PHPBlogger is a simple tool to help the creation of web blogs... Encrypted admin password and other preferences are stored on /data/pref.db. You can find lots of them exposed with Google search: pref password= filetype:db The admin panel is accessible...
DSA-820-1 courier - missing input sanitising
Bulletin has no description...
CVE-2003-0261
fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges...