Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php. Date published...
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message. Date published...
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. Date published : 2017-05-22 https://github.com/roundcube/roundcubemail/commit/012555c1cef35601b543cde67bff8726de97eb39 https://github.com/roundcube/roundcubemail/issues/4816
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. Date published : 2017-05-22 https://github.com/roundcube/roundcubemail/commit/6ccd4c54bcc4cb77365defabe8bbe7d10b2620d4 https://github.com/roundcube/roundcubemail/commit/e84fafcec22e7b460db03248dc23ed6b053b15c9
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. Date published : 2017-05-22...
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. Date published : 2017-05-22...
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable...
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. Date published : 2017-05-22 http://www.securityfocus.com/bid/74751 https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. Date published : 2017-05-22 http://www.securityfocus.com/bid/74795 https://www.alienvault.com/forums/discussion/5127/
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. Date published : 2017-05-22 http://www.securityfocus.com/bid/74791 https://www.alienvault.com/forums/discussion/5127/
Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors. Date published : 2017-05-22 http://www.securityfocus.com/bid/76663 https://android.googlesource.com/platform/frameworks/av/+/b9096dc
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. Date published : 2017-05-22 http://www.securityfocus.com/bid/95131 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Date published : 2017-05-22 http://www.securityfocus.com/bid/95131 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Date published : 2017-05-22 http://www.securityfocus.com/bid/95131 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html