Design/Logic Flaw
Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal...
CVE-2015-2247
CVE-2015-2247 affects Boosted Boards skateboards. Connected sources describe an unspecified vulnerability that allows physically proximate attackers to modify skateboard movement by hijacking the Bluetooth signal through an “injection attack.” The underlying cause and affected components are not ...
Yonyou: POST Oracle Injection in an Order System (Possibly a Generic Issue)
Brief description: Since this involves orders I did not dig any deeper, but I know how harmful it is; if a hacker got in it would be hard to deal with, so the rank is High. Detailed description: There are two affected sites: http://ufbg-ss02.yonyou.com/Login/login.aspx?ReturnUrl=%2flogin.aspx http://desktop.yonyou.com/Login/login.aspx?ReturnUrl=%2flogin.aspx Judging from the English on the pages, this should be an order system; since it involves orders I did not dig any deeper, but I know how harmful it is, and if a hacker got in it would be hard to deal with. Listed the Oracle user passwords db: CTXSYS HR MDSYS ODM ODMMTR OE...
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...
Two SQL Injections in DouPHP - -
Brief description: DouPHP's functionality is simple, so it is relatively easy to defend; its global filtering avoids most problems nicely, but there are still places where it is not rigorous. Finding holes is not easy - - Detailed description: In the file \www\admin\article.php: /* +---------------------------------------------------------- Article list +---------------------------------------------------------- */ if ($rec == 'default') { $smarty->assign('ur_here', $_LANG['article']);...
CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. It was...
PHP-Ultimate Webboard 2.0 'admindel.php' Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30822/info PHP-Ultimate Webboard is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Successful exploits will allow unauthorized attackers to dele...
e107 1.0.2 - CSRF Resulting in SQL Injection
No description provided by source. Exploit Title: e107 v1.0.2 Administrator CSRF Resulting in SQL Injection Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...
McAfee Asset Manager 6.6 - Multiple Vulnerabilities
No description provided by source. Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated arbitrary file rea...
phpPass 2 AccessControl.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6594/info A problem with phpPass may allow an attacker to launch a SQL injection attack. The vulnerability exists in the accesscontrol.php script included with phpPass. Due to insufficient sanitization of user-supplied...
AlienVault Authenticated SQL Injection Arbitrary File Read
AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the 'insertinto' parameter. This module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator...
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
Fanwe Group-Buying getshell and Injection
Brief description: ... Detailed description: saveavatar.php: $_REQUEST['m']="UcModify"; $_REQUEST['a']="saveavatar"; include ROOTPATH."app/source/index.php"; //let's go in and take a look app/source/index.php: ....omitted....... $ma = strtolower($_REQUEST['m'].'_'.$_REQUEST['a']); switch($ma) { case 'ucmodify_saveavatar': require...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack...
CVE-2013-0298
OwnCloud 4.5.x is vulnerable to multiple XSS via (1) an iCalendar file in the calendar app, (2) the dir or (3) file parameters to apps/files_pdfviewer/viewer.php, or (4) the mountpoint parameter to /apps/files_external/addMountPoint.php. Root cause: improper handling of untrusted input in these c...
mySeatXT 0.2134 SQL Injection Vulnerability
No description provided by source. 1 SQL Injection PoC: http://localhost/mySeatXT/web/ajax/autocompleteres.php?term=99' 'SQL INJECT' Vulnerable Code: + autocompleteres.php $sql = "SELECT * FROM reservations WHERE reservationguestname LIKE '".$_GET['term']."%' GROUP BY reservationguestname "; $fetch =...
Cybozu Garoon vulnerable to SQL injection
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function. Impact A user who can log in to the product may execute an arbitrary SQL command in the database that the product is referencing. Solution Update the Softwar...
Small Zhu in the order management system of an injection-vulnerability warning-the black bar safety net
I haven't stopped, I've just been too busy with work; although there is little time, there is always something original coming out. It's good that I can often come around 90SEC and then go back to my internship; it really gave me a fright. Anyone who often works on shopping sites should have encountered this kind of order management system, a fee-charging system. 漏...