The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

CVE Database

CVE-2017-1000208

A vulnerability in Swagger-Parser\'s (version<= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the \'generate\' and \'validate\' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.

11/16/2017

CVE-2017-1000201

The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack

11/16/2017

CVE-2017-1000200

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon\'s on_unregister_handler() function resulting in denial of service

11/16/2017

CVE-2017-1000199

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

11/16/2017

CVE-2017-1000198

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service

11/16/2017

CVE-2017-1000197

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.

11/16/2017

CVE-2017-1000196

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.

11/16/2017

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

11/16/2017

CVE-2017-1000194

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

11/16/2017

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim\'s browser.

11/16/2017

CVE-2017-1000189

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()

11/16/2017

CVE-2017-1000188

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection

11/16/2017

CVE-2017-1000187

In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()

11/16/2017

CVE-2017-1000186

In SWFTools, a stack overflow was found in pdf2swf.

11/16/2017

CVE-2017-1000185

In SWFTools, a memcpy buffer overflow was found in gif2swf.

11/16/2017

CVE-2017-1000182

In SWFTools, a memory leak was found in wav2swf.

11/16/2017

CVE-2017-1000176

In SWFTools, a memcpy buffer overflow was found in swfc.

11/16/2017

CVE-2017-1000174

In SWFTools, an address access exception was found in swfdump swf_GetBits().

11/16/2017

CVE-2017-1000173

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow.

11/16/2017

CVE-2017-1000172

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the \'sublexer\' pointer has been freed. Line 542 of gravity_lexer.c. \'lexer\' is being used to access a variable but \'lexer\' has already been freed, creating a Heap Use-After-Free condition.

11/16/2017

CVE Database 81 - 100 of 115046
First | Prev. | 3 4 5 6 7 | Next | Last

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit &quot;mbae.sys&quot;

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015