
9563 matches found

OSV
added 2013/12/19 10:55 p.m., 1 view

DEBIAN-CVE-2013-7113

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5, AI score 6.9, EPSS 0.00969
Exploits 1, References 1
OSV
added 2013/12/19 10:55 p.m., 0 views

UBUNTU-CVE-2013-7113

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5, AI score 7.2, EPSS 0.00969
Exploits 1, References 6
Cvelist
added 2013/12/19 10:00 p.m., 21 views

CVE-2013-7113

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

AI score 6.1, EPSS 0.00969
Exploits 1, References 9
Prion
added 2013/12/14 5:21 p.m., 15 views

Session fixation

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update...

CVSS 4.3, AI score 6.8, EPSS 0.00425
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2013/12/11 12:00 a.m., 226 views

KB2915720: Changes in Windows Authenticode Signature Verification

The remote Windows host has not enabled the Windows Authenticode signature verification certificate padding check. This means extraneous information can be included in signed binaries. Note that Microsoft announced on July 29, 2014, that it no longer plans to enforce the stricter signature...

AI score 5.5
Exploits 0, References 1
Check Point Advisories
added 2013/12/10 12:00 a.m., 5 views

Suspicious Javascript Variable Names (CVE-2013-2551)

JavaScript may contain an overly large number of abnormal variable names. This behavior may indicate an exploitation attempt...

CVSS 9.3, AI score 8, EPSS 0.92407
Exploits 9
Prion
added 2013/12/02 4:36 a.m., 14 views

Code injection

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable...

CVSS 4.4, AI score 7.6, EPSS 0.00054
Exploits 0, References 2, Affected Software 1
myhack58
added 2013/11/28 12:00 a.m., 29 views

Android Superuser privilege escalation vulnerability analysis - vulnerability warning - the black bar safety net

Recently, foreign security researchers disclosed 3 security vulnerabilities in several authorization management applications on the Android platform; exploiting them may lead to privilege escalation to root (see the link). TSRC also, for these 3 Android Superuser privilege escalation...

AI score 0.3
Exploits 0
RedHat Linux
added 2013/11/20 4:35 p.m., 3 views

wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599)

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet...

CVSS 5, AI score 5.9, EPSS 0.0418
Exploits 1, References 4
Cvelist
added 2013/11/09 1:00 a.m., 17 views

CVE-2013-3985

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable...

AI score 6.3, EPSS 0.0011
Exploits 0, References 2
securityvulns
added 2013/11/05 12:00 a.m., 39 views

XADV-2013003 Linux Kernel eCryptfs write_tag_3_packet Heap Buffer Overflow Vulnerability

XADV-2013003 Linux Kernel eCryptfs write_tag_3_packet Heap Buffer Overflow Vulnerability. Vulnerable...

AI score 0.7
Exploits 0
NVD
added 2013/11/02 6:55 p.m., 10 views

CVE-2013-4457

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation...

CVSS 6.8, AI score 7.4, EPSS 0.00376
Exploits 0, References 4
Prion
added 2013/11/02 6:55 p.m., 11 views

Design/Logic Flaw

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation...

CVSS 6.8, AI score 7.9, EPSS 0.00376
Exploits 0, References 4, Affected Software 1
RubySec
added 2013/10/22 12:00 a.m., 28 views

Cocaine Gem for Ruby contains a flaw

Cocaine Gem for Ruby contains a flaw that is due to the method of variable interpolation used by the program. With a specially crafted object, a context-dependent attacker can execute arbitrary commands...

CVSS 6.8, AI score 4.3, EPSS 0.00376
Exploits 0, References 1, Affected Software 1
Check Point Advisories
added 2013/10/20 12:00 a.m., 6 views

PhpMyAdmin Remote Variable Manipulation (CVE-2011-2505)

A remote variable manipulation vulnerability has been reported in PhpMyAdmin...

AI score 2.3, EPSS 0.37008
Exploits 15
OSV
added 2013/10/17 11:55 p.m., 5 views

CVE-2013-4368

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale...

AI score 5.7
Exploits 0, References 9
UbuntuCve
added 2013/10/17 11:55 p.m., 32 views

CVE-2013-4368

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale...

CVSS 1.9, AI score 7.1, EPSS 0.00094
Exploits 0, References 3
Xen Project
added 2013/10/10 12:00 p.m., 55 views

Information leak through outs instruction emulation

ISSUE DESCRIPTION: The emulation of the outs instruction for 64-bit PV guests uses an uninitialized variable as the segment base for the source data if an FS: or GS: segment override is used, and if the segment descriptor the respective non-null selector in the corresponding selector register poin...

CVSS 1.9, AI score 0.8, EPSS 0.00094
Exploits 0, Affected Software 1
seebug.org
added 2013/10/10 12:00 a.m., 14 views

Destoon SQL injection vulnerability affecting all of the latest versions

Brief description: Destoon injection vulnerability affecting all of the latest versions. Details: /common.inc.php, line 64: if($_POST) $_POST = strip_sql($_POST); // strip_sql filtering if($_GET) $_GET = strip_sql($_GET); if($_COOKIE) $_COOKIE = strip_sql($_COOKIE); ......... if($_POST) extract($_POST, EXTR_SKIP); // register variables...

AI score 7.1
Exploits 0
Debian CVE
added 2013/10/01 5:00 p.m., 24 views

CVE-2013-4361

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction...

CVSS 2.1, AI score 1.6, EPSS 0.0011
Exploits 0