go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. Date published : 2019-12-31 http://marc.info/?l=bugtraq&m=109164242705572&w=2 http://openwall.com/lists/oss-security/2013/12/12/8
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when...
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Date published : 2019-12-31 http://openwall.com/lists/oss-security/2013/12/12/8 https://github.com/mikaku/Monitorix/commit/e86c11593238be6956a67a04d640c65810d50b59
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. Date published : 2019-12-31 http://openwall.com/lists/oss-security/2013/12/12/8 https://github.com/mikaku/Monitorix/commit/ff80441be7089f774448dfe4b49e6fced70e71cb
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Date published : 2019-12-31 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html http://www.openwall.com/lists/oss-security/2013/09/17/4
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. Date published : 2019-12-31 http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption). Date published...
The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "payload", or in an image...
Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks. Date published : 2019-12-31 http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands. Date published : 2019-12-31 http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/
The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller’s identity....
The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller’s identity. Date...
The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller’s identity....
The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller’s...
