29 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule that is mishandled ...
SUSE CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...
DEBIAN-CVE-2021-45429
A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yrsetconfiguration in yara/libyara/libyara.c, which could cause a Denial of Service...
PT-2022-12351
Name of the Vulnerable Software and Affected Versions VirusTotal YARA affected versions not specified Description A Buffer Overflow issue exists in VirusTotal YARA, specifically via yr set configuration in yara/libyara/libyara.c, which could cause a Denial of Service. Recommendations At the momen...
Gaming Industry Paves the Way
Currently at $200 billion per year and growing, the gaming industry has grown from humble beginnings in the 1930s during which games like Baffle Ball and pinball were considered a degenerate form of leisure that would lead young men into lives of sin into a massive global phenomenon widely seen a...
UBUNTU-CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...
UBUNTU-CVE-2018-12034
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...
PT-2017-11927
Name of the Vulnerable Software and Affected Versions YARA versions 3.x Description A heap buffer overflow issue exists in the yr object array set item function, located in object.c, which can be triggered by scanning a maliciously crafted .NET file, leading to a denial-of-service attack...
CVE-2017-9420
Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...
CVE-2017-9420
Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...
DEBIAN-CVE-2017-5924
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule that is mishandled in the yrcompilerdestroy function...
UBUNTU-CVE-2016-10211
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule that is mishandled in the yrparserlookuploopvariable function...
ByVejr - DMI - Yr - Vejret - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application ByVejr - DMI - Yr - Vejret published at the 'play' market has multiple vulnerabilities...
YR weather widget HD - Dangerous filesystem permissions, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application YR weather widget HD published at the 'play' market has multiple vulnerabilities...
Yr - Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Yr published at the 'play' market has multiple vulnerabilities...
CVE-2010-3423
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method...
Sql injection
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method...
CVE-2010-3423
The CVE-2010-3423 entry describes a SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x prior to 6.x-1.6. Affected component: Drupal module Yr Weatherdata (Drupal 6.x). Root cause: SQL injection via the module’s sorting method, enabling remote attackers to execute arbitrary SQ...
CVE-2010-3423
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method...
SA-CONTRIB-2010-090 - Yr Weatherdata - SQL Injection
The Yr Weatherdata module displays weather forecasts, and enables users with the proper permission to set the sort method. When setting the sorting method the module does not filter the value input by the user correctly. This vulnerability can be exploited to perform an SQL Injection attack...