6844 matches found
CVE-2016-8437
CVE-2016-8437 describes an improper input validation in Android’s Access Control APIs, with the kernel 3.18 memory range check potentially mishandled. Affected product: Android (Kernel 3.18). Official description notes a memory-range check issue but does not provide exploit paths or a concrete fi...
Cisco Expressway 8.8.1 Internal Scanning
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2016-115 Product: Expressway Manufacturer: Cisco Affected Versions: below X8.9 Tested Versions: X8.8.1 Vulnerability Type: Improper Input Validation CWE-20 Risk Level: Medium Solution Status: Fixed Manufacturer Notification:...
NVIDIA Windows GPU Display Driver Local Elevation of Privilege Vulnerability (CNVD-2016-10567)
NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers for Windows from NVIDIA. A local elevation of privilege vulnerability exists in NVIDIA Windows GPU Display Driver, which arises from the program failing to properly validate values. A local attacker could...
Adobe Reader Memory Corruption (APSB16-33: CVE-2016-6943)
A memory corruption vulnerability has been reported in Adobe Reader. The vulnerability is due to improper input validation. A remote attacker could trigger this issue via a specially crafted PDF file...
Adobe Acrobat and Reader Heap Overflow (APSB16-33: CVE-2016-6939)
A heap overflow vulnerability exists in Adobe Reader. The vulnerability is due to improper input validation. A remote attacker could trigger this issue via a specially crafted PDF file...
Nuuo NVR Log Parameter Unauthenticated Remote Code Execution (CVE-2016-5674)
A remote code execution was discovered in Nuuo Network Video Recording systems with Network Attached Storage. The vulnerability is due to Improper Input Validation in log parameter. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...
Exponent CMS Arbitrary Code Execution Vulnerability
Exponent CMS employs an intuitive and flexible content editing system that allows website pages to be edited on-page as it is displayed. An arbitrary code execution vulnerability exists in Exponent CMS due to a failure to properly validate user input. An attacker could exploit the vulnerability t...
Moxa SoftCMS Vulnerabilities
OVERVIEW Zhou Yu working with Trend Micro’s Zero Day Initiative and Gu Ziqiang from Huawei Weiran Labs have identified vulnerabilities in Moxa’s SoftCMS Webserver Application. Moxa has produced an update to mitigate these vulnerabilities. Both researchers have tested the update to validate that i...
Security Advisory - Improper Input Validation Vulnerability in AnyMail
Huawei AnyMail has an improper input validation vulnerability when opening compressed email attachments. Successful exploit could cause AnyMail to crash and exit. Vulnerability ID: HWPSIRT-2016-06099 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2016-6826...
ask2 \control\message.php parameters messageid SQL injection
先来看看该套源码的整体防注入:GPC转义+360的防御正则 很粗暴有没有,不过这里利用的是数组全面绕过360的防御正则,然后找到一些没有单引号包含的点,从而绕过单引号转义,绕过这两个,自然可以无限制任意注入初始化过滤在D:\wamp\www\ask2V3.1.1\model\sowenda.class.php中initrequest函数,在大概第60行 $this-get = taddslashes$this-get, 1; $this-post = taddslashesarraymerge$GET, $POST; checkattack$this-post, 'post';...
AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector
Exploit for linux platform in category web applications Advisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: AXIS Multiple Products Authenticated Remote Command Execution via devtools vector + Vendor: AXIS Communications + Research and Advisory: Orwelllabs ...
AXIS Authenticated Remote Command Execution
/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com security advisory olsa-2015-8257 PGP: 79A6CCC0 Advisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: AXIS Multiple Products...
VulnCheck KEV: CVE-2016-3714
ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image...
Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)
OVERVIEW This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,...
pgpdump 0.29 Endless Loop
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-030 Product: pgpdump Maintainer: Kazu Yamamoto Affected Versions: 0.29 Tested Versions: 0.29 Vulnerability Type: Improper Input Validation CWE-20 Risk Level: Low Solution Status: Fixed in 0.30 Maintainer Notification: 2016-04-...
ManageEngine Firewall Analyzer Multiple XSS
The ManageEngine Firewall Analyzer running on the remote web server is affected by multiple cross-site scripting XSS vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to execute arbitrary script code in a user's browser session...
Axis Network Cameras - Multiple Vulnerabilities
Exploit for hardware platform in category web applications I. ADVISORY INFORMATION ----------------------- Title: Axis Network Cameras Multiple Cross-site scripting Vendor: Axis Communications Class: Improper Input Validation CWE-20 CVE Name: CVE-2015-8256 Remotely Exploitable: Yes Locally...
Axis Network Cameras - Multiple Vulnerabilities
Axis Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | 6079 Smith W | | | \ V V / / | | | | | | \ \ doubleplusungood /|| // ||||,|./|/ owning some telescreens... Security Adivisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs I. ADVISORY...
Axis Network Cameras - Multiple Vulnerabilities
| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | 6079 Smith W | | | \ V V / / | | | | | | \ \ doubleplusungood /|| // ||||,|./|/ owning some telescreens... Security Adivisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs I. ADVISORY INFORMATION ----------------------- Title: Axis...
perfact::mpa Persistent Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-066 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...