In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have...
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems...
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack...
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid...
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By...
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed...
NetworkManager 0.9.x does not pin a certificate’s subject to an ESSID when 802.11X authentication is used. Date published : 2020-01-27 http://www.openwall.com/lists/oss-security/2010/04/22/2 https://bugzilla.gnome.org/show_bug.cgi?id=341323
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. Date published : 2020-01-27 https://packetstormsecurity.com/files/108111/Tiki-Wiki-CMS-Groupware-8.2-Code-Injection.html
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2020-01-27 https://www.exploit-db.com/exploits/38153
Local file inclusion in WebCalendar before 1.2.5. Date published : 2020-01-27 http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. Date published : 2020-01-27 http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/ https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via...
OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability Date published : 2020-01-27 https://www.tenable.com/plugins/nessus/76122
Wiz 5.0.3 has a user mode write access violation Date published : 2020-01-27 http://realpentesting.blogspot.com/p/realpentesting-advisory-title-user-mode.html http://seclists.org/fulldisclosure/2013/Sep/8