2182 matches found

Japan Vulnerability Notes
added 2015/05/19 12:0 a.m., 40 views

JVN#78689801: BGA32.DLL and QBga32.DLL contain multiple vulnerabilities

BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. Impact Decompressing a...

CVSS 7.5 | AI score 9.4 | EPSS 0.2554
Exploits: 4
Prion
added 2015/04/29 10:59 p.m., 10 views

Design/Logic Flaw

The fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

CVSS 6.5 | AI score 7.9 | EPSS 0.06053
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2015/04/29 10:0 p.m., 21 views

CVE-2015-3458

The fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

AI score 7.4 | EPSS 0.06053
Exploits: 1 | References: 4
BDU FSTEC
added 2015/04/28 12:0 a.m., 5 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the lynx-cur-wrapper package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

CVSS 7.5 | AI score 5.4 | EPSS 0.23257
Exploits: 1 | References: 5 | Affected Software: 1
CNVD
added 2015/04/01 12:0 a.m., 3 views

Dulwich buffer overflow vulnerability

Dulwich is a Python implementation of the file format and protocols of the Git version control system developed by software developer Jelmer Vernooij. A buffer overflow vulnerability exists in the C implementation of the 'applydelta' function in the pack.c file in versions of Dulwich prior to...

CVSS 7.5 | AI score 8.1 | EPSS 0.03375
Exploits: 0 | References: 1
GithubExploit
added 2015/02/02 11:16 a.m., 3 views

Exploit for Out-of-bounds Write in Gnu Glibc

CVE-2015-0235-workaround aka GHOST glibc vulnerability A shar...

CVSS 10 | AI score 7.2 | EPSS 0.94859
Exploits: 29
UbuntuCve
added 2014/12/11 11:59 a.m., 31 views

CVE-2014-8631

The Chrome Object Wrapper COW implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method...

CVSS 4.3 | AI score 6.6 | EPSS 0.01623
Exploits: 0 | References: 3
CVE
added 2014/12/11 11:0 a.m., 68 views

CVE-2014-8631

CVE-2014-8631 affects Firefox (before 34.0) and SeaMonkey (before 2.31) where the Chrome Object Wrapper (COW) allows native-interface passing, potentially bypassing DOM object restrictions via an unspecified method. This remote vulnerability could be exploited without user interaction; exploitati...

CVSS 4.3 | AI score 9 | EPSS 0.01623
Exploits: 0 | References: 4 | Affected Software: 2
Cvelist
added 2014/12/11 11:0 a.m., 30 views

CVE-2014-8631

The Chrome Object Wrapper COW implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method...

AI score 9.2 | EPSS 0.01623
Exploits: 0 | References: 4
Fedora
added 2014/11/10 6:10 a.m., 11 views

[SECURITY] Fedora 21 Update: Pound-2.7-0.4.d.fc21

The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web servers. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL ...

AI score 1.5
Exploits: 0
RedHat Linux
added 2014/10/14 7:22 a.m., 1 views

chromium: multiple security fixes in Chrome 38.0.2125.101

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping...

CVSS 5 | AI score 7.4 | EPSS 0.01251
Exploits: 0 | References: 5
OpenVAS
added 2014/10/07 12:0 a.m., 115 views

masscan (NASL wrapper)

This VT is deprecated. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105924";...

AI score 7.3
Exploits: 0
Fedora
added 2014/08/27 1:29 a.m., 38 views

[SECURITY] Fedora 19 Update: python-pillow-2.0.0-14.gitd1c6db8.fc19

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are five subpackages: tk tk interface, qt PIL image wrapper for Qt , sane scanning...

CVSS 5 | AI score 1.5 | EPSS 0.03587
Exploits: 1
OSV
added 2014/08/26 12:0 a.m., 0 views

UBUNTU-CVE-2014-3171

Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to...

CVSS 7.5 | AI score 7.4 | EPSS 0.01614
Exploits: 0 | References: 6
seebug.org
added 2014/07/01 12:0 a.m., 30 views

phpMyAdmin 2.5.7 - Remote code injection Exploit

No description provided by source. / phpmy-explt.c written by Nasir Simbolon nasir kecapi com eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploite program. This is a kind of mysql server wrapper acts like a proxy except that it will sends a fake table name, when client...

AI score 6.7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 28 views

python-wrapper Untrusted Search Path/Code Execution Vulnerability

No description provided by source. python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') ...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

kosch suid wrapper 1.1.1 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2837/info A boundary condition error exists in suid wrapper or 'su-wrapper.' The overflow occurs when a string exceeding approximately 1032 characters is given as the first argument when the program is run. Because the...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 8 views

Majordomo 1.94.4/1.94.5 - Local -C Parameter Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of several other...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 61 views

dompdf 0.6.0 (dompdf.php, read param) - Arbitrary File Read

No description provided by source. Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is present on dompdf.ph...

CVSS 4.3 | AI score 0.3 | EPSS 0.39374
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m., 47 views

Xorg 1.4 to 1.11.2 File Permission Change PoC

No description provided by source. / xchmod.c -- Xorg file permission change vulnerability PoC Author: vladz http://vladz.devzero.fr Date: 2011/12/15 Software: www.x.org Version: Xorg 1.4 to 1.11.2 in all configurations. Xorg 1.3 and earlier if built with the USECHMOD preprocessor identifier Test...

CVSS 4.6 | AI score 6.3 | EPSS 0.00862
Exploits: 5