CVE-2017-9306

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "svg/onload=" substring instead of an "svg onload=" substring...

PCRE 'pcre32_copy_substring' function buffer overflow vulnerability (CNVD-2017-04912)

PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A buffer overflow vulnerability exists in the 'pcre32copysubstring' function in the pcreget.c file of libpcre1 in PCRE version 8.40. A...

DEBIAN-CVE-2017-7246

Stack-based buffer overflow in the pcre32copysubstring function in pcreget.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service WRITE of size 268 or possibly have unspecified other impact via a crafted file...

DEBIAN-CVE-2017-7245

Stack-based buffer overflow in the pcre32copysubstring function in pcreget.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service WRITE of size 4 or possibly have unspecified other impact via a crafted file...

reversemap - Analyse SQL injection attempts in web server logs

Analyse SQL injection attempts in web server logs The program can either be run in batch mode or interactive mode. In batch mode the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode the program will prompt for user input and will...

F5 Networks BIG-IP : OpenSSH vulnerabilities (K15780)

CVE-2014-2653 The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. CVE-2014-2532 sshd in OpenSSH before 6.6 does not properly support wildcards on...

PCRE and PCRE2 'compile_branch' function denial of service vulnerability

PCRE is an open source regular expression library written in C. PCRE2 is an API for modifying PCRE. The 'compilebranch' function of PCRE and PCRE2 failed to properly handle regular expressions containing 'ACCEPT' substrings and nested parentheses. A remote attacker submitting a specially crafted...

DEBIAN-CVE-2015-5252

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share...

SMTP command injection

Net::SMTP is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. Applications that validate email address format are not affected by this vulnerability. The injection attack is...

Amazon Linux: Security Advisory (ALAS-2014-369)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2014-9651

Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index-ci procedures."...

DEBIAN-CVE-2014-9651

Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index-ci procedures."...

Buffer overflow

Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index-ci procedures."...

CVE-2014-9651

Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index-ci procedures."...

openSUSE Security Update : python-setuptools (openSUSE-2015-413)

Python-setup tools was updated to fix one security issues. The following vulnerability was fixed : - non-RFC6125-compliant host name matching - substring wildcard should not match IDNA prefix booc930189 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

X-Cart Cross-Site Scripting Vulnerability (CNVD-2015-02183)

X-Cart is an open source PHP e-commerce software . The software provides favorites , order records and inventory management modules. A cross-site scripting vulnerability exists in the admin.php script in X-Cart versions 5.1.6 through 5.1.10. A remote attacker can exploit this vulnerability to...

CVE-2015-0950

Cross-site scripting XSS vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter...

CVE-2015-0950

Cross-site scripting XSS vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter...

Mandriva Linux Security Advisory : openssh (MDVSA-2015:095)

Updated openssh packages fix security vulnerabilities : sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character CVE-2014-2532...