46 matches found
SWI-Prolog SWISH Security Vulnerability
SWI-Prolog SWISH is a Web Integrated Development Environment from the SWI-Prolog organization. A security vulnerability exists in SWI-Prolog SWISH version 2.2.0 and earlier, which stems from stored cross-site scripting and could lead to the execution of arbitrary code...
EUVD-2012-5960
Malware in sbrugna...
EUVD-2017-8684
Malware in sbrugna...
EUVD-2012-5961
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-17524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...
Linux Distros Unpatched Vulnerability : CVE-2012-6089
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to...
Linux Distros Unpatched Vulnerability : CVE-2012-6090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a...
RHEL 6 : pl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - David Koblas' GIF decoder LZW decoder buffer overflow CVE-2011-2896 - pl: buffer overflows in path...
swi-prolog.996271.n3.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1184927 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
SWI-Prolog library/www_browser.pl file injection vulnerability
SWI-Prolog is a fee-compliant compiler for the Prolog language. A security vulnerability exists in the library/www_browser.pl file in SWI-Prolog version 7.2.3, which stems from the program failing to validate strings before starting the program. A remote attacker can exploit the vulnerability to...
Design/Logic Flaw
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
DEBIAN-CVE-2017-17524
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17524
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
UBUNTU-CVE-2017-17524
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17524
SWI-Prolog 7.2.3 is affected by CVE-2017-17524 due to the library/www_browser.pl component not validating strings before launching the program specified by the BROWSER environment variable. This can allow remote attackers to perform argument-injection attacks via a crafted URL. Exploitation detai...
Gentoo Security Advisory GLSA 201312-05
Gentoo Linux Local Security Checks GLSA 201312-05. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...