938 matches found
CVE-2018-7226
An issue was discovered in vcSetXCutTextProc in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC...
ipage.com XSS vulnerability
Open Bug Bounty ID: OBB-558108

| Description | Value |
|---|---|
| Affected Website: | ipage.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
Security feature bypass
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment...
PT-2018-8395 · Canonical +2 · Cpio
Name of the Vulnerable Software and Affected Versions: No vulnerable software or affected versions specified. Description: The provided information does not contain details about a specific issue. It appears to be related to the management of vulnerability identifiers, indicating that a particula...
[SECURITY] Fedora 25 Update: backintime-1.1.24-1.fc25
Back In Time is a simple backup system for Linux inspired from "flyback project" and "TimeVault". The backup is done by taking snapshots of a specified set of directories...
Default credentials
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...
Path traversal
The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...
Design/Logic Flaw
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt//maps, (2) /tmp/jvm-/hserror.log, (3) /proc//exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory relate...
SAT 5 XSS in the Failed Systems page
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Satellite 5. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users...
PT-2018-5107 · Xmlsoft +1 · Libxml2 +1
Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified) Description: The issue allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. This problem exists due to an incorrect fix for a previous issue...
Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86_64 - Bind 5600 TCP Port - shellcode - 87 bytes Ajith Kp http://fb.com/ajithkp560 http://www.terminalcoders.blogspot.com Om Asato Maa Sad-Gamaya | Tamaso Maa Jyotir-Gamaya | Mrtyor-Maa...
CVE-2016-6968
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different...
PT-2016-2986 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player (affected versions not specified) Description: The issue is caused by a buffer overflow in memory, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service (memory corruption)...
PT-2016-7170 · Alt Linux +2 · Alt Linux +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided input. Description: The issue is related to a security problem, but details are not provided in the input. Recommendations: At the moment, there is no information about a newer...
PT-2016-3550 · Imagemagick +2 · Imagemagick +2
Name of the Vulnerable Software and Affected Versions: ImageMagick (affected versions not specified) Description: The issue allows remote attackers to cause a denial of service via a crafted DDS file, specifically affecting the coders/dds.c component in ImageMagick. Recommendations: At the moment,...
PT-2016-2427 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player (affected versions not specified) Description: The issue is related to the use of memory after it has been freed, which can be exploited by a remote attacker to execute arbitrary code. Recommendations: At the moment, there is...
PT-2016-2349 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player (affected versions not specified) Description: The issue is caused by a buffer overflow. It may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). Recommendations: At the moment,...
PT-2016-2359 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player (affected versions not specified) Description: The issue is caused by a buffer overflow. It may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). Recommendations: At the moment,...
PT-2016-5851 · Adobe +1 · Flash Player +1
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player (affected versions not specified) Description: The issue allows attackers to execute arbitrary code or cause a denial of service memory corruption error. Recommendations: At the moment, there is no information about a newer...
PT-2016-1669 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player (affected versions not specified) Description: The issue is caused by a buffer overflow. It may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). Recommendations: At the moment,...