CVE-2017-15621
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interfacewan.lua file...
CVE-2017-15617
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interfacewan.lua file...
TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02030)
TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by injecting commands into the...
TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-01911)
TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by injecting commands into the...
Ubuntu 14.04 LTS / 16.04 LTS : Irssi vulnerabilities (USN-3527-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3527-1 advisory. Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or openi...
TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02027)
TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit the vulnerability by injecting commands into the new-time variable of the webfilter.lua file t...
TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-01912)
TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit the vulnerability by injecting commands into the iface variable in the interfacewan.lua file t...
TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-01908)
TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit the vulnerability by injecting commands into the olmode variable of the interfacewan.lua file ...
TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-01913)
TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit the vulnerability by injecting commands into the new-interface variable in the phddns.lua file...
USN-3527-1: Irssi vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5205) Joseph Bisch discovered that...
Microsoft Edge Chakra asm.js Out-of-Bounds Read Exploit
Exploit for Windows platform in category dos / poc. Here's a snippet of AsmJSByteCodeGenerator::EmitAsmJsFunctionBody: AsmJsVar* initSource = nullptr; if (decl->sxVar.pnodeInit->nop == knopName) { AsmJsSymbol* initSym = mCompiler->LookupIdentifier(decl->sxVar.pnodeInit->name(), mFunction); if...
FreeBSD : irssi -- multiple vulnerabilities (a3764767-f31e-11e7-95f2-005056925db4)
Irssi reports: When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch. When using incomplete escape codes, Irssi may access data beyond the end of the string. Found by Joseph Bisch. A calculation error in the completion code could cau...
Input validation
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string...
CVE-2018-5207
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string...
Cross-site Scripting (XSS)
Apache Deltaspike is vulnerable to cross-site scripting (XSS). The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary JavaScript. The impact is limited because the size of the variable is cut off after 10 characters...
Updated libexif packages fix security vulnerability
A vulnerability was found in libexif. The vulnerability is caused by an integer overflow. In some cases, the integer overflow can cause Heap Out-of-Bounds Read, i.e. Heap Buffer Overflow vulnerability. In some other cases, the integer overflow can cause use of uninitialized pointer variable, i.e...