CVE-2011-2193

Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow 1 remote authenticated users to gain privileges via a long JobName field in a qsub command to the server, and might allow 2...

ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability

ZDI-11-198: Pwn2Own Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-198 June 14, 2011 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer --...

(Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability

This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Internet Explorer th...

On the PHP multi-character set encoding vulnerability research-exploit warning-the black bar safety net

| First, do an experiment,in the local environment in the establishment of such a php file ? php header"Content-Type:text/html;Charset=gb2312"; echo $GET"str"; echi "br/"; echo addslashes$GET"str"; ?& gt; Here my php environment has opened the Magicquotesgpc,contemporary code inside also made to...

CVE-2009-5077

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHPSELF variable, which is not properly handled by 1 includes/applicationtop.php and 2 admin/includes/applicationtop.php...

CVE-2009-5077

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHPSELF variable, which is not properly handled by 1 includes/applicationtop.php and 2 admin/includes/applicationtop.php...

PT-2011-1331 · Cre Loaded · Cre Loaded

Name of the Vulnerable Software and Affected Versions: CRE Loaded versions prior to 6.2.14 Description: The issue allows remote attackers to bypass authentication and gain administrator privileges. This is related to a modified PHP SELF variable, which is not properly handled by includes in the...

IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM

!/usr/bin/python tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit Jeremy Brown 0xjbrown41-gmail-com June 2011 Discovered by: Brian Adeloye of Tenable Network Security This exploit makes use of two vulnerabilities: 1 Base64 authentication credentials hard-coded in lcfd.exe 2 Stack-based...

python security, bug fix, and enhancement update

python: 2.6.6-20 Resolves: CVE-2010-3493 2.6.6-19 Resolves: CVE-2011-1015 2.6.6-18 Resolves: CVE-2011-1521 2.6.6-17 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-16 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-15 - fix race condition that sometimes breaks the build wi...

Google Chrome Multiple Denial of Service Vulnerabilities - May11 (Windows)

The host is running Google Chrome and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultdosvulnmay11win.nasl 7029 2017-08-31 11:51:40Z teissa $ Google Chrome Multiple Denial of Service Vulnerabilities - May11 Windows Authors: Sooraj KS...

CVE-2011-1799

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVE-2011-1441

Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document...

PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net

A code execution function In PHP you can execute the Code of the function. Such as eval , assert , theand system and exec and shellexec and passthru and escapeshellcmd and pcntlexec , etc. demo code 1.1: The second file contains the code injection The file containing the function in the specific...

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

DEBIAN-CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

Design/Logic Flaw

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVE-2011-1095

Summary of CVE-2011-1095 (glibc locale quoting issue) : The vulnerability affects locale/programs/locale.c in the GNU C Library (glibc/libc6) prior to version 2.13. The code does not properly quote its output, which might allow local users to gain privileges via a crafted localization environment...

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVE-2011-1658

ld.so in the GNU C Library aka glibc or libc6 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a 1 setuid or 2 setgid program with this RPA...