90 matches found
DEBIAN-CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner."...
DEBIAN-CVE-2019-13300
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...
UBUNTU-CVE-2019-13307
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows...
CVE-2019-13307
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows...
CVE-2019-13300
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...
ImageMagick heap buffer overflow vulnerability (CNVD-2019-21663)
ImageMagick Studio ImageMagick is a suite of open-source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. ImageMagick Studio A buffer error vulnerability exists in the 'EvaluateImages' function of the...
ImageMagick heap buffer overflow vulnerability (CNVD-2019-21667)
ImageMagick Studio ImageMagick is a suite of open-source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. ImageMagick Studio A buffer overflow vulnerability exists in the 'EvaluateImages' function of th...
PT-2019-5192 · Imagemagick +4 · Imagemagick +4
Name of the Vulnerable Software and Affected Versions: ImageMagick versions 7.0.8-50 Description: The issue is related to a heap-based buffer overflow in the EvaluateImages function of the ImageMagick console graphic editor. This overflow occurs due to mishandling of rows in the...
WTCMS Cross-Site Scripting Vulnerability
WTCMS is a ThinkPHP-based content management system CMS. A cross-site scripting vulnerability exists in WTCMS version 1.0, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'statistic code' field...
August 8, 2017—KB4034672 (Security-only update)
August 8, 2017—KB4034672 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where a LUN connection that was received after the buffer allocation...
postgresql: Selectivity estimators bypass SELECT privilege checks
It was found that some selectivity estimation functions did not check user privileges before providing information from pgstatistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access...
postgresql: Selectivity estimators bypass SELECT privilege checks
It was found that some selectivity estimation functions did not check user privileges before providing information from pgstatistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access...
Word Directory Script 2.1 Cross Site Scripting / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Title: Word Directory Script v 2.1 - Cross Site Scripting / SQL Injection Credit: Bilal KARDADOU Vendor: http://www.phponly.com/ Vendor URL: http://www.phponly.com/words.html Product: Word Directory Script v 2.1 Google Dork: N/A Product &...
Word Directory Script 2.1 Cross Site Scripting / SQL Injection
Title: Word Directory Script v 2.1 - Cross Site Scripting / SQL Injection Credit: Bilal KARDADOU Vendor: http://www.phponly.com/ Vendor URL: http://www.phponly.com/words.html Product: Word Directory Script v 2.1 Google Dork: N/A Product & Service Introduction: "Word Directory Script" The big...
IT Threat GeoDashboard: Suspicious
IT Threat GeoDashboard Suspicious is a combination of Open Source software configured to give end users a view on IT threats over an interactive geographical dashboard. You’ll just need an Internet Browser to access the dashboard. This application has been build on a GNU/Linux environment and may...
ntp security and bug fix update
4.2.6p5-10 - don't accept server/peer packets with zero origin timestamp CVE-2015-8138 - fix crash with reslist command CVE-2015-7977, CVE-2015-7978 4.2.6p5-9 - fix crash with invalid logconfig command CVE-2015-5194 - fix crash when referencing disabled statistic type CVE-2015-5195 - don't hang i...
Multiple vulnerabilities in extension "Fe user statistic" (festat)
It has been discovered that the extension "Fe user statistic" festat is susceptible to Cross-Site Scripting, Insecure Unserialize and Information Disclosure. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affecte...
Joomla! Component com_hdflvplayer 2.1.0.1 - SQL Injection
Joomla! Component comhdflvplayer 2.1.0.1 - SQL Injection !/usr/bin/python Exploit Title : Joomla HD FLV 2.1.0.1 and below SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://www.hdflvplayer.net/ Software Link : http://www.hdflvplayer.net/downloadcount.php?pid=5 Dork google 1:...
phpMyFAQ 2.8.x - Multiple Vulnerabilities
Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities Vendor: phpmyfaq.de Date: 04.09.19 Version: = 2.8.12 Latest ATM Tested on: Apache 2.2 / PHP 5.4 / Linux Contact: smash at devilteam.pl 1 Persistent XSS Administrator is able to view information about specific user session in 'Statistic' tab. Over...
AIX 4.2/4.3 netstat -Z Statistic Clearing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1660/info A vulnerability exists in versions 4.x. x of AIX, from IBM. Any local user can utilize the -Z command to netstat, without needing to be root. This will cause interface statistics to be reset. This could...