7 results (0.008 seconds)

CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0

slim has NULL pointer dereference when using crypt() method from glibc 2.17 slim presenta una desreferencia del puntero NULL cuando es usado el método crypt() de glibc versión 2.17. • http://www.openwall.com/lists/oss-security/2013/10/09/6 http://www.securityfocus.com/bid/62906 https://access.redhat.com/security/cve/cve-2013-4412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412 https://exchange.xforce.ibmcloud.com/vulnerabilities/89675 https://security-tracker.debian.org/tracker/CVE-2013-4412 • CWE-476: NULL Pointer Dereference •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php. Múltiples vulnerabilidades de inyección SQL en Discussion Forums 2k v3.3, cuando "Magic_quotes_gpc están desactivadas, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) CatID a (a) RSS1.php y (b) RSS2.php en misc/; y el (2) SubID a (c) misc/RSS5.php. • https://www.exploit-db.com/exploits/6643 http://www.securityfocus.com/bid/31518 https://exchange.xforce.ibmcloud.com/vulnerabilities/45610 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1

SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2. • https://www.exploit-db.com/exploits/26617 http://pridels0.blogspot.com/2005/11/sourcewell-sql-inj-vuln.html http://secunia.com/advisories/17673 http://www.osvdb.org/21130 http://www.securityfocus.com/bid/15586 http://www.vupen.com/english/advisories/2005/2615 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users. El diálogo de Conexión Rápidad en Konversation 0.15 usa inadvertidamente la contraseña suministrada por el usuario como el apodo en lugar del apodo suministrado por el usuario cuando se conecta a un servidor IRC, lo que podría filtrar la contraseña a otros usuarios. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html http://marc.info/?l=bugtraq&m=110626383310742&w=2 http://secunia.com/advisories/13919 http://secunia.com/advisories/13989 http://securitytracker.com/id?1012972 http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml http://www.kde.org/info/security/advisory-20050121-1.txt http://www.securityfocus.com/bid/12312 https://exchange.xforce.ibmcloud.com/vulnerabilities/19038 •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1

The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected. La característica de Botones Rápidos en Konversation 0.15 permite atacantes remotos ejecutar ciertos comandos IRC mediante un nombre de canal conteniendo variables "%", con son expandidas recursivamente por la función Server::parseWildcards cuando el botón "Partir" está seleccionado. • https://www.exploit-db.com/exploits/25054 http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html http://marc.info/?l=bugtraq&m=110626383310742&w=2 http://secunia.com/advisories/13919 http://secunia.com/advisories/13989 http://securitytracker.com/id?1012972 http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml http://www.kde.org/info/security/advisory-20050121-1.txt http://www.securityfocus.com/bid/12312 https://exchange.xforce.ibmcloud.com/vulne •