9571 matches found
CVE-2017-6455
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPIDLLS environment variable...
CVE-2017-6458
Multiple buffer overflows in the ctlput functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable...
CVE-2017-6458
Multiple buffer overflows in the ctlput functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable...
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow Exploit
Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlangavi Stack...
Hardcoded credentials
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
DEBIAN-CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
UBUNTU-CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
Default credentials
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to...
bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution
An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...
Design/Logic Flaw
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...
CVE-2014-9938
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...
Integer overflow
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the imagesize variable...
CVE-2017-6960
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the imagesize variable...
CVE-2016-0770
Cross-site scripting XSS vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable...
CVE-2016-10166
Integer underflow in the gdContributionsAlloc function in gdinterpolation.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...
Integer overflow
Integer underflow in the gdContributionsAlloc function in gdinterpolation.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...
CVE-2016-10195
The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read...