7736 matches found
CVE-2019-7587
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...
CVE-2019-7587
CVE-2019-7587 affects Bo-blog Wind through 1.6.0-r. The vulnerability is a SQL Injection in the admin.php/comments/batchdel/ comID parameter, caused by mishandling in the mode/admin.mode.php delBlockedBatch function. The connected sources corroborate the issue and describe it as a SQL injection v...
Friday Squid Blogging: Squid with Chorizo, Tomato, and Beans
Nice recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Security Bulletin: Vulnerability in GNU C Library affects IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware (CVE-2016-1234)
Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerability in GNU C Library. Vulnerability Details Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerability i...
Security Bulletin: A security vulnerability has been identified in IBM Systems Director Editions
Summary Tivoli Common Reporting, IBM Systems Director and Tivoli Application Dependency Discovery Manager are shipped as components of IBM Systems Director Editions. Information about a security vulnerability affecting the above components has been published in a security bulletin. Vulnerability...
Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect Juniper EX Series Network Switches sold by IBM for use in IBM Products (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Juniper EX Series Network Switches sold by IBM for use in IBM Products. Vulnerability Details Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affec...
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tivoli Monitoring, Tivoli Application Dependency Discovery Manager, IBM Systems Director and Tivoli Common Reporting with IBM System Director Editions (CVE-2015-0138)
Summary IBM Tivoli Monitoring, Tivoli Application Dependency Discovery Manager, IBM System Director and Tivoli Common Reporting are shipped as components of IBM System Director Editions. Vulnerability Details Summary IBM Tivoli Monitoring, Tivoli Application Dependency Discovery Manager, IBM Syst...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM System Networking RackSwitch G8264 (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM System Networking RackSwitch G8264 Vulnerability Details Abstract GNU C library glibc vulnerability that has been referred to as GHOST affects IBM System Networking RackSwitch G8264 Content Vulnerability...
Security Bulletin: Security vulnerability has been identified in IBM Systems Director shipped with IBM Systems Director Editions (CVE-2013-0169, CVE-2013-4002)
Summary IBM Systems Director is shipped as a component of IBM Systems Director Editions. Information about a security vulnerability affecting IBM Systems Director has been published in a security bulletin. Vulnerability Details Abstract IBM Systems Director is shipped as a component of IBM System...
Security Bulletin: Security vulnerability has been identified in IBM Tivoli Monitoring, IBM Tivoli Application Dependency Discovery Manager, and Tivoli Common Reporting shipped with IBM System Director Editions (CVE-2014-0114)
Summary IBM Tivoli Monitoring, IBM Tivoli Application Dependency Discovery Manager, Tivoli Common Reporting are shipped as a component of IBM System Director Editions. Information about a security vulnerability affecting has been published in a security bulletin. Vulnerability Details Abstract IB...
Croogo cross-site scripting vulnerability (CNVD-2019-03588)
Croogo is a content management system (CMS) built on the CakePHP framework. The system provides customizable content types for Blog, Node, and Page, content editing with a WYSIWYG editor, and other features. A cross-site scripting vulnerability exists in Croogo 3.0.5 and earlier versions...
Google Takes Its First Steps Toward Killing the URL
Google wants to get rid of URLs. But first, it needs to show you why...
Cross site scripting
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...
A Six Flags Fingerprints Ruling, Supply Chain Hacks, and More Security News This Week
Google's elite security team, police scanner encryption, and more of the week's top security news...
Friday Squid Blogging: Squids on the Tree of Life
Interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Hacking the GCHQ Backdoor
Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active -- silently inserting a secret...
Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Link: https://www.lua.org/ftp/lua-5.3.5.tar.gz...