Page 50 of 249 results (0.021 seconds)

CVSS: 7.5EPSS: 10%CPEs: 7EXPL: 2

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. Error de signo en entero en el módulo de extensión zlib en Python 2.5.2 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un entero negativo, lo que provoca una asignación insuficiente de memoria y un desbordamiento de búfer. • https://www.exploit-db.com/exploits/31634 http://bugs.python.org/issue2586 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/29889 http://secunia.com/advisories/29955 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://secunia.com/advisories/38675 http:& • CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 4.3EPSS: 3%CPEs: 10EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el controlador-balanceador en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.x, permite a los atacantes remotos conseguir privilegios por medio de vectores no especificados. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://secunia.com/advisories/31026 http://secunia.com/advisories/32222 http://secunia.com/advisories/33797 http://secunia.com/advisories/34219 http://security.gentoo.org/glsa/glsa-200807-06.xml http://securityreason.com/securityalert/3523 http://support.apple.com/kb/HT3216 http:/& • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. Desbordamiento de búfer en exif.cpp en la libreria exiv2 permite a atacantes dependientes del contexto ejecutar código de su elección a través de archivos EXIF manipulados que disparan un desbordamiento de búfer basado en pila. • http://bugs.gentoo.org/show_bug.cgi?id=202351 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://secunia.com/advisories/28132 http://secunia.com/advisories/28178 http://secunia.com/advisories/28267 http://secunia.com/advisories/28412 http://secunia.com/advisories/28610 http://secunia.com/advisories/32273 http://security.gentoo.org/glsa/glsa-200712-16.xml http://www.debian.org/security/2008/dsa-1474 http://www.mandriva.com/security/advisories • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 2%CPEs: 5EXPL: 0

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences. Una vulnerabilidad de salto de directorio en el módulo Archive::Tar Perl versiones 1.36 y anteriores, permite a atacantes remotos asistidos por el usuario sobrescribir archivos arbitrarios por medio de un archivo TAR que contiene un archivo cuyo nombre es una ruta (path) absoluta o presenta secuencias "..” • http://osvdb.org/40410 http://rt.cpan.org/Public/Bug/Display.html?id=29517 http://rt.cpan.org/Public/Bug/Display.html?id=30380 http://secunia.com/advisories/27539 http://secunia.com/advisories/33116 http://secunia.com/advisories/33314 http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml http://www.securityfocus.com/bid/26355 http://www.ubuntu.com/usn/usn-700-1 http://www.ubuntu.com/usn/usn-700-2 http://www.vupen.com/english/advisories/2007 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •