9573 matches found

CVE
added 2017/10/10 9:0 p.m., 78 views

CVE-2017-15190

CVE-2017-15190: In Wireshark versions 2.4.0–2.4.1, the RTSP dissector could crash due to the incorrect scope of a variable in epan/dissectors/packet-rtsp.c. The issue was fixed in a later Wireshark patch (e.g., Wireshark 2.4.2 and related security advisories). Remediation: upgrade to an affected ...

CVSS 7.5, AI score 7.2, EPSS 0.00398
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2017/09/28 1:29 a.m., 5 views

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVSS 9.8, AI score 8
Exploits: 0, References: 6

Prion
added 2017/09/28 1:29 a.m., 18 views

Stack overflow

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVSS 7.5, AI score 9.8, EPSS 0.05686
Exploits: 1, References: 6, Affected Software: 1

ATTACKERKB
added 2017/09/28 1:29 a.m., 1 view

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVSS 9.8, AI score 6.3, EPSS 0.05686
Exploits: 1, References: 8

UbuntuCve
added 2017/09/28 1:29 a.m., 26 views

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVSS 9.8, AI score 7.7, EPSS 0.05686
Exploits: 1, References: 2

CVE
added 2017/09/27 5:0 p.m., 71 views

CVE-2017-12814

CVE-2017-12814 affects Windows builds of Perl prior to 5.24.3-RC1 and 5.26.x prior to 5.26.1-RC1, due to a stack-based overflow in CPerlHost::Add (win32/perlhost.h). An overly large ENV key can overflow a fixed stack buffer, enabling arbitrary code execution. Public details confirm affected versi...

CVSS 9.8, AI score 9.7, EPSS 0.05686
Exploits: 1, References: 6, Affected Software: 1

Cvelist
added 2017/09/27 5:0 p.m., 23 views

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

AI score 9.8, EPSS 0.05686
Exploits: 1, References: 6

Debian CVE
added 2017/09/27 5:0 p.m., 37 views

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVSS 9.8, AI score 9.9, EPSS 0.05686
Exploits: 1

0day.today
added 2017/09/23 12:0 a.m., 46 views

Mongoose Embedded Web Server Library 6.8 Buffer Overflow Exploit

Exploit for multiple platform in category remote exploits Product: Mongoose Embedded Web Server Library Vendor: Cesanta CVE ID: Not yet assigned. CSNC ID: CSNC-2017-023 Subject: Stack based buffer overflow Risk: High Effect: Remotely exploitable Author: Dobin Rutishauser Date: 2017-09-20...

AI score 7.1
Exploits: 0

Cvelist
added 2017/09/21 3:0 p.m., 15 views

CVE-2017-9677

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msmcomprioctlshared, variable "ddp-paramslength" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, ra...

AI score 8.2, EPSS 0.00045
Exploits: 0, References: 2

Veracode
added 2017/09/19 5:37 a.m., 18 views

Cross-site Scripting (XSS)

airflow is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the variable view when the variable template doesn't exist. When this happens, the input is returned to the user without being escaped...

CVSS 6.1, AI score 5.8, EPSS 0.02255
Exploits: 0, References: 4, Affected Software: 2

CNVD
added 2017/09/19 12:0 a.m., 0 views

SchoolCMS suffers from a variable override vulnerability (CNVD-2017-30716)

SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS suffers from a variable override vulnerability. An attacker can utilize the browser's TAB function to reset any user's password...

AI score 6.9
Exploits: 0

CNVD
added 2017/09/19 12:0 a.m., 1 view

Variable Override Vulnerability in SchoolCMS

SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS suffers from a variable override vulnerability. An attacker can utilize the browser's TAB function to override access to user information...

AI score 6.9
Exploits: 0

CNVD
added 2017/09/15 12:0 a.m., 1 view

WordPress surveys SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using PHP, which supports setting up personal blog sites on servers with PHP and MySQL. WordPress surveys is a polls plugin for WordPress developed by Binny VA, an Indian software developer. A SQL injection...

CVSS 9.8, AI score 9.7, EPSS 0.10906
Exploits: 1, References: 1

NVD
added 2017/09/14 1:29 p.m., 9 views

CVE-2017-1002027

Vulnerability in WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rkuserlist.php...

CVSS 9.8, AI score 9.6, EPSS 0.01084
Exploits: 1, References: 3

OSV
added 2017/09/14 1:29 p.m., 2 views

CVE-2017-1002022

Vulnerability in WordPress plugin surveys v1.01.8: the code in questions.php does not sanitize the survey variable before placing it inside of an SQL query...

CVSS 9.8, AI score 5.9, EPSS 0.10906
Exploits: 1, References: 3

NVD
added 2017/09/14 1:29 p.m., 10 views

CVE-2017-1002020

Vulnerability in WordPress plugin surveys v1.01.8: the code in surveyform.php does not sanitize the action variable before placing it inside of an SQL query...

CVSS 9.8, AI score 9.6, EPSS 0.10906
Exploits: 1, References: 3

BDU FSTEC
added 2017/09/01 12:0 a.m., 3 views

The vulnerability of the TrustZone component of the Android operating system from the CAF repository, which allows a perpetrator to gain unauthorized access to protected memory.

The vulnerability of the TrustZone component of the Android operating system from the CAF repository relates to the use of an uninitialized variable during system calls. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected memor...

CVSS 10, AI score 7.8, EPSS 0.00106
Exploits: 0, References: 3

Debian CVE
added 2017/08/29 4:0 p.m., 19 views

CVE-2017-12865

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable...

CVSS 9.8, AI score 9.7, EPSS 0.05021
Exploits: 0

OSV
added 2017/08/25 5:29 p.m., 1 view

CVE-2017-13697

controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable...

CVSS 6.1, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 1