Oracle Hospitality OPERA 5 Property Services 安全漏洞

Oracle Hospitality OPERA 5 Property Services is a Windows-based application component developed by Oracle Corporation, used for processing payment card transactions. Vulnerabilities exist in versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28 of Oracle Hospitality OPERA 5 Property Service...

SUSE CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges...

Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com !/bin/bash Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution Vendor: Selea s.r.l. Product web page:...

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214 BLD20110616374...

Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery

Selea Targa IP OCR-ANPR Camera Unauthenticated SSRF Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214 BLD201106163745 BLD2003041709...

Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Unauthenticated Directory Traversal File Disclosure Vendor: Selea s.r.l. Product we...

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

PHP < 5.5.36, 5.6.x < 5.6.22, 7.x < 7.0.7 Multiple Vulnerabilities (Aug 2016) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVE-2016-5094

Integer overflow in the phphtmlentities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function...

Fedora 22 : php (2016-65f1ffdc0c)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zendhexstrtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in phphtmlentities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

Fedora 23 : php (2016-6b1938566f)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zendhexstrtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in phphtmlentities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

Fedora 24 : php (2016-b967ac1a74)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zendhexstrtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in phphtmlentities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

Debian DSA-3602-1 : php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.22, which includes additional bug fixes. Please refer to the upstream changelog for mor...

Internet Bug Bounty: Integer Overflow in _gd2GetHeader() resulting in heap overflow

The gd2GetHeader is prone to an integer overflow, which result in heap based overflow. Tested on PHP 5.6.22 --------------- PoC --------------- $ ls poc.gd poc.php $ cat poc.php --------------- Result --------------- /php$ gdb -q --args ./php-5.6.22/sapi/cli/php poc.php Reading symbols from...

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: In php-intl, geticuvalueinternal out-of-bounds read CVE-2016-5093. Integer Overflow in phphtmlentities CVE-2016-5094. Integer underflow / arbitrary null write in fread/gzread CVE-2016-5096. The php package has been updated to version 5.6.22, whic...

mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL...

mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption...

mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML...

mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL...

mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML...