CVE-2017-2149

The CVE-2017-2149 issue is an Untrusted search path vulnerability in Toshiba memory card installers, enabling a Trojan horse DLL to be loaded from an unspecified directory and allowing code execution with user privileges. Affected software includes several FlashAir/TransferJet related tools and c...

mhahaber.com XSS vulnerability

Vulnerable URL: https://www.mhahaber.com/?s="/alert/OPENBUGBOUNTY/...

drk.de XSS vulnerability

Vulnerable URL: https://www.drk.de/suche/?id=502kesearchpi1page=1kesearchpi1sword=test...

CVE-2016-8721

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...

Shortening Your DCAP Short List: Five Critical Things to Consider for a Data-Centric Audit and Protection Solution

Exponential data growth. You’ve heard it many times before, but it’s still the most accurate way to describe the enormous and growing amount of data that businesses generate and collect today. It’s this growth that is driving today’s enterprises to revisit their strategies for data security and...

Unrestricted file upload

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a...

CVE-2015-6567

Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality...

CVE-2016-8720

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP...

CVE-2016-1178

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML...

CVE-2016-1178

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...

CVE-2016-1178

The CVE-2016-1178 issue affects appleple a-blog cms up to version 2.6.0.1, where a flaw in the session management of the comment feature allows remote attackers to obtain or modify sensitive data. Related sources describe concrete impacts: an unauthenticated attacker could delete arbitrary commen...

CVE-2017-3057

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3043

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality...

CVE-2017-3043

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality...

Memory corruption

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality...

Integer overflow

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...

bebekform.com XSS vulnerability

Vulnerable URL: https://www.bebekform.com/ara.php?searchGrup=0"'--!confirmOPENBUGBOUNTY...

CVE-2017-3043

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality...

CVE-2017-3057

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution...