9564 matches found
CVE-2015-5198
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAUDRIVERPATH environment variable...
CVE-2015-5199
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAUDRIVER environment variable...
CVE-2015-5199
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAUDRIVER environment variable...
CVE-2015-5198
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAUDRIVERPATH environment variable...
Amazon Linux: Security Advisory (ALAS-2015-520)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DedeCMS 5.7 SP1 /install/index.php 远程文件包含漏洞
1.漏洞分析 /install/index.php.bak or index.php php $slang = 'utf-8'; $installdemoname = 'dedev57demo.txt'; $insLockfile = dirnameFILE.'/installlock.txt'; //初始化了变量 $moduleCacheFile = dirnameFILE.'/modules.tmp.inc';//初始化了变量 .... 29行 foreachArray'GET','POST','COOKIE' as $request foreach$$request as $k =...
CVE-2015-5198
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAUDRIVERPATH environment variable...
CVE-2015-5199
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAUDRIVER environment variable...
Flash Uninitialized Stack Variable MPD Parsing Memory Corruption
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=316&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=472201 Credit is to bilou,...
Apple OS X DYLD_PRINT_TO_FILE Environment Variable Checksum Local ROOT Privilege Gain Vulnerability
Apple Mac OS X is an operating system developed by Apple Inc. Apple Mac OS X fails to properly calibrate the DYLDPRINTTOFILE environment variable, allowing local attackers to write arbitrary files with root privileges and elevated privileges...
remind -- buffer overflow with malicious reminder file input
Dianne Skoll reports: BUG FIX: Fix a buffer overflow found by Alexander Keller. The bug can be manifested by an extended DUMP command using a system variable that is a special variable whose name begins with '$'...
sudo security update
CentOS Errata and Security Advisory CESA-2015:1409 Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability...
[SECURITY] [DLA 280-1] ghostscript security update
Package : ghostscript Version : 8.71dfsg2-9+squeeze2 CVE ID : CVE-2015-3228 Debian Bug : 793489 In gsheapallocbytes, add a sanity check to ensure we dont overflow the variable holding the actual number of bytes we allocate...
DLA-280-1 ghostscript - security update
Bulletin has no description...
RedHat Update for sudo RHSA-2015:1409-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-1905
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors...
sudo: unsafe handling of TZ environment variable
It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...
Moderate: Red Hat Security Advisory: sudo security, bug fix, and enhancement update
Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
FreeBSD : php -- arbitrary code execution (5a1d5d74-29a0-11e5-86ff-14dae9d210b8)
cmb reports : When delayed variable substitution is enabled can be set in the Registry, for instance, !ENV! works similar to %ENV%, and the value of the environment variable ENV will be subsituted. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description: SquirrelMail is a standards-based webmail package written i...