various vulnerabilities and exploits

(subscribe to this query)

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote malicious users to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows malicious users to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

deepin-clone prior to 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system m...

Deepin Deepin-clone Fedoraproject Fedora 30

deepin-clone prior to 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content ...

Deepin Deepin-clone

deepin-clone prior to 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system l...

Deepin Deepin Clone

In GUI mode, deepin-clone prior to 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not at...

Deepin Deepin-clone

Integer overflow in Perl-Compatible Regular Expression (PCRE) library prior to 6.7 allows context-dependent malicious users to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), whi...

Integer overflow in Perl-Compatible Regular Expression (PCRE) library prior to 6.7 might allow context-dependent malicious users to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calcula...

Perl-Compatible Regular Expression (PCRE) library prior to 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent malicious users to ca...

lighttpd 1.4.18, and possibly other versions prior to 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote malicious users to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Lighttpd Lighttpd 1.4.7 Lighttpd Lighttpd 1.4.8 Lighttpd Lighttpd 1.4.9 Lighttpd Lighttpd 1.4.10 Lighttpd Lighttpd 1.4.11 Lighttpd Lighttpd 1.4.12 Lighttpd Lighttpd 1.4.13 Lighttpd Lighttpd 1.4.14 Lighttpd Lighttpd 1.4.15 Lighttpd Lighttpd 1.4.16 Lighttpd Lighttpd 1.4.17 Lighttpd Lighttpd 1.4.18

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook