1148 matches found
CVE-2015-7264
Facebook Proxygen’s SPDY/2 codec contains a vulnerability (CVE-2015-7264) in versions prior to 2015-11-09 where a field is truncated to two bytes, enabling hijacking and injection attacks over the network. The issue affects the SPDY/2 handling within Proxygen; exploitation is described as enablin...
Microsoft Windows Code injection vulnerability (DoubleAgent)
Overview: We’d like to introduce a new Zero-Day technique for injecting code and maintaining persistency on a machine (i.e. auto-run) dubbed DoubleAgent. DoubleAgent can exploit: every Windows version (Windows XP to Windows 10); every Windows architecture (x86 and x64); every Windows user...
Unauthorized Access Via User Impersonation
Apache NiFi is vulnerable to unauthorized access via user impersonation attacks. The vulnerability exists due to a possible injection attack in a cluster environment, in the proxy chain's serialization/deserialization. A malicious user can inject in their username to impersonate another user to...
CVE-2016-9994
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1976805...
Design/Logic Flaw
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain...
Universal MITM Web Server: CopyCat
CopyCat is a Node.js based universal MITM web server. Used with DNS spoofing or another redirect attack, this server will act as a MITM for web traffic between the victim and a real server. Most often we see DNS spoofing used to redirect victims to an attacker's server...
CVE-2016-5952
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...
WordPress Private Messages 1.0.1 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Email Users – 1.4.1 – Plugin WordPress – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-email-users/ Software Link: https://wordpress.org/plugins/wp-email-users/ Contact:...
Joomla com_blog_calendar Module SQL Injection Vulnerability
Joomla! is an open-source, cross-platform content management system (CMS) developed by the U.S.-based Open Source Matters team using PHP and MySQL. A SQL injection vulnerability exists in the Joomla com_blog_calendar module. An attacker can manipulate the modid value to execute SQL commands and re...
DEBIAN-CVE-2016-6611
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
Informatica: [kb.informatica.com] DOM based XSS in the bindBreadCrumb function
The bindBreadCrumb function, which is called after the document is loaded: javascript $document.readyfunction bindBreadCrumb; ; has the following insecure link assignments, that use non-encoded URL values: javascript strChild = "Search Results"; strChild = "Search Results"; strChild = "Search...
SQL Injection Vulnerability in YxtCMF Online Learning System
YxtCMF Online Learning System is an online learning platform built on the thinkphp+bootstrap framework. It is vulnerable to SQL injection: the parameter read by '$state=I("get.state");' is not filtered, which allows an attacker to exploit the vulnerability t...
CVE-2016-6816
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...
Oracle Linux 7 : python (ELSA-2016-2586)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-2586 advisory. - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359164 - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.getdata...
Ubuntu 12.04 LTS : kdepimlibs vulnerability (USN-3100-1)
Roland Tapken discovered that the KDE-PIM Libraries incorrectly filtered URLs. A remote attacker could use this issue to perform an HTML injection attack in the KMail plain text viewer. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...
SQL Injection Vulnerability in OA System of Tianling Network Technology Co.
Tianling Network Technology Co., Ltd. has developed a business process software tool - myApps Rapid Development Platform, which provides customers with solutions for business process management consulting, planning, design, and training. A SQL injection vulnerability exists in the OA system of...
Local Code Injection – ownCloud Security Advisory
The ownCloud Client was vulnerable to a local code injection attack. A malicious local user could create a special path where the client would load libraries from during startup. As on Windows, everyone by default has the permission to write to the C: drive and create arbitrary directories and...
CVE-2016-6257
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...
Sql injection