34 matches found
Buffer overflow
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name...
CVE-2014-8271
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name...
CVE-2016-1000110
The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...
CVE-2019-7617
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...
CVE-2019-7617
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...
Design/Logic Flaw
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...
CVE-2019-7617
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...
DEBIAN-CVE-2019-9026
An issue was discovered in libmatio.a in matio aka MAT File I/O Library 1.5.13. There is a heap-based buffer overflow in the function InflateVarName in inflate.c when called from ReadNextCell in mat5.c...
RHEL 6 : php (RHSA-2016:1609) (httpoxy)
An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Medium: php55, php56
Issue Overview: A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. ...
CVE-2016-1000110
The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...
OpenEMR globals.php Authentication Bypass (CVE-2015-4453)
An authentication weakness vulnerability exists in OpenEMR, specifically in the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the...
Default configuration
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PSUNDEFMARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...
CVE-2009-3435
Cross-site scripting XSS vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name...