
1939 matches found

CNVD
added 2020/04/07 12:0 a.m. | 3 views

Unspecified Vulnerability in CIPPlanner CIPAce

CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability to obtain ETL process contents by sending a...

CVSS 7.5 | AI score 6.8 | EPSS 0.01209
Exploits: 1 | References: 1

Hacker One
added 2020/04/04 2:15 p.m. | 93 views

Zomato: [www.zomato.com] Blind SQL Injection in /php/geto2banner

Hi Team! Our team discovered a Blind SQL Injection by Abusing LocalParams resid in /php/geto2banner. We are working to create a full PDF Report as a WriteUp; here is a Temporal Exploit based on the Vulnerable request: POST /php/geto2banner HTTP/1.1 Host: www.zomato.com Connection: close...

Exploits: 0

CNVD
added 2020/03/23 12:0 a.m. | 2 views

SQL Injection Vulnerability in U-Mail Mail Server Software

U-Mail mail server software is a first-tier domestic brand that provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has a SQL injection vulnerability; attackers can use the...

AI score 8
Exploits: 0

BDU FSTEC
added 2020/03/10 12:0 a.m. | 1 view

The vulnerability of the way predictor implementation in AMD processor CPUs’ L1D data cache allows attackers to restore the encryption key in vulnerable AES implementations, reduce the effectiveness of ASLR protection, or extract data from the processor’s core.

The vulnerability of the way predictor implementation in AMD processors’ L1D cache involves collisions with the hash function used to calculate tags, which are used to locate a channel in the L1D cache. Exploiting this vulnerability can allow an attacker to recover encryption keys in vulnerable A...

CVSS 8.1 | AI score 5.5
Exploits: 0 | References: 3

exploitpack
added 2020/02/24 12:0 a.m. | 54 views

ManageEngine EventLog Analyzer 10.0 - Information Disclosure

Exploit Title: ManageEngine EventLog Analyzer 10.0 - Information Disclosure | Date: 2020-02-23 | Author: Scott Goodwin | Vendor: https://www.manageengine.com/ | Software Link: https://www.manageengine.com/products/eventlog/ | CVE: CVE-2019-19774...

CVSS 4 | AI score 8.7 | EPSS 0.12517
Exploits: 5

OSV
added 2020/01/27 10:15 a.m. | 3 views

CVE-2017-14807

An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...

CVSS 8.1 | AI score 5.9
Exploits: 0 | References: 1

NVD
added 2020/01/27 10:15 a.m. | 11 views

CVE-2017-14807

An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...

CVSS 8.1 | AI score 8.4 | EPSS 0.01027
Exploits: 0 | References: 1

OSV
added 2020/01/21 7:15 p.m. | 1 view

DEBIAN-CVE-2019-17357

Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...

CVSS 6.5 | AI score 6.5 | EPSS 0.35041
Exploits: 0 | References: 1

EUVD
added 2020/01/21 6:35 p.m. | 1 view

EUVD-2019-7767

Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...

CVSS 6.5 | AI score 6.2 | EPSS 0.35041
Exploits: 0 | References: 10

OSV
added 2020/01/18 12:15 a.m. | 2 views

CVE-2019-15625

A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information...

CVSS 5.5 | AI score 6.1 | EPSS 0.00976
Exploits: 0 | References: 4

Kitploit
added 2020/01/13 11:30 a.m. | 98 views

Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones

Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has features such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data...

AI score 6.7
Exploits: 0 | References: 1

Tenable Nessus
added 2019/12/31 12:0 a.m. | 82 views

F5 Networks BIG-IP : BIG-IP AFM SQL injection vulnerability (K21121741)

A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to run a SQL injection attack. CVE-2019-6658 Impact An attacker may be able to extract table name enumeration and user account names. All other data available through the injection is already available...

CVSS 4.3 | AI score 5.5 | EPSS 0.00686
Exploits: 0 | References: 2

Schneier on Security
added 2019/12/11 12:19 p.m. | 41 views

Extracting Data from Smartphones

Privacy International has published a detailed, technical examination of how data is extracted from smartphones...

AI score 2.1
Exploits: 0

CNVD
added 2019/12/11 12:0 a.m. | 3 views

74cms 4.2.26 SQL Injection Vulnerability in Frontend Co***.php Page

Knight Talent System 74cms is a free, open source professional recruitment system built on PHP and MySQL. A SQL injection vulnerability exists in the frontend Co.php page of 74cms 4.2.26. An attacker can exploit the vulnerability to obtain sensitive information from the...

AI score 7.7
Exploits: 0

OSV
added 2019/11/22 10:15 p.m. | 2 views

CVE-2019-16285

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive...

CVSS 4.6 | AI score 5.7 | EPSS 0.00996
Exploits: 1 | References: 3

Prion
added 2019/10/23 1:15 p.m. | 20 views

Server-side request forgery (SSRF)

An XML external entity (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...

CVSS 5.5 | AI score 7.9 | EPSS 0.01002
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/10/21 11:15 p.m. | 17 views

SQL injection

Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...

CVSS 6.5 | AI score 8.9 | EPSS 0.01075
Exploits: 1 | References: 1 | Affected Software: 1

ThreatPost
added 2019/10/04 2:36 p.m. | 135 views

Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier

LONDON — A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was firs...

AI score 0.1
Exploits: 0 | References: 4

Veracode
added 2019/10/03 2:49 a.m. | 8 views

Malicious Package

json-serializer is a malicious package. The malicious code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 1.2
Exploits: 0

Veracode
added 2019/10/03 2:49 a.m. | 7 views

Malicious Package

bmap is a malicious package. The malicious code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 1.1
Exploits: 0