3751 matches found
WordPress Magic Fields 1 plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Magic Fields 1 plugin, which allows an attacker to frame malicio...
Researchers Uncover New Leads Behind Shamoon2
In a fresh analysis of the Shamoon2 malware, researchers from Arbor Networks’ Security Engineering and Response Team (ASERT) say they have unearthed new leads on the tools and techniques used in the most recent wave of attacks. Shamoon2 surfaced in November, approximately four years after the...
Joomla Magic Deals Web 1.2.0 SQL Injection
Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy: https://extensions.joomla.org/extensions/extension/e-commerce/gifts-a-coupons/magic-deals-web/...
Joomla Magic Deals Web 1.2.0 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy:...
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy:...
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy: https://extensions.joomla.org/extensions/extension/e-commerce/gifts-a-coupons/magic-deals-web/...
Magic Ball Free - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application Magic Ball Free, published on the 'play' market, has multiple vulnerabilities...
Cisco WebEx Browser Plugin Remote Code Execution Vulnerability
Cisco WebEx is a browser extension plug-in and part of the Cisco web conferencing software. A remote code execution vulnerability exists in the Cisco WebEx browser plug-in. The extension uses nativeMessaging, and an attacker can exploit the vulnerability to execute arbitrary code in a browser usi...
Remote Code Execution Bug Found in Ubuntu Quantal
A remote code execution bug has been patched in the default installation of Ubuntu Desktop affecting all default installations of Quantal version 12.10 and later. According to researcher Donncha O’Cearbhaill, the bug allows for code injection when a user opens a specially crafted malicious file...
PHP deserialization vulnerabilities: causes, vulnerability mining techniques and cases - vulnerability warning - the black bar safety net
1. Serialization and deserialization. Objects are serialized and deserialized to make transferring them between programs more convenient. Serialization converts an object into a string so that it can be stored or transmitted. And deserialization is exactly the sequence of the...
php: bypass __wakeup() in deserialization of an unexpected object
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call...
file: Buffer over-write in finfo_open with malformed magic file
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application...
Alienvault OSSIM/USM 5.3.1 - PHP Object Injection
Details: Product: Alienvault OSSIM/USM; Vulnerability: PHP Object Injection; Author: Peter Lapp, lappsec gmail com; CVE: CVE-2016-8580; Vulnerable Versions: =5.3.1; Fixed Version: 5.3.2. Vulnerability Details: A PHP object injection vulnerability exists in multiple widget...
Alienvault OSSIM/USM 5.3.1 - PHP Object Injection Vulnerability
Exploit for php platform in category web applications. Details: Product: Alienvault OSSIM/USM; Vulnerability: PHP Object Injection; Author: Peter Lapp, lappsec gmail com; CVE: CVE-2016-8580; Vulnerable Versions: =5.3.1; Fixed Version: 5.3.2. Vulnerability Details: A PHP objec...
Alienvault OSSIM/USM 5.3.1 PHP Object Injection
Details: Product: Alienvault OSSIM/USM; Vulnerability: PHP Object Injection; Author: Peter Lapp, lappsec gmail com; CVE: CVE-2016-8580; Vulnerable Versions: =5.3.1; Fixed Version: 5.3.2. Vulnerability Details: A PHP object injection vulnerability exists in multiple widget...
CVE-2016-8580
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...
CVE-2016-7124
Removed by vendor...
UBUNTU-CVE-2016-7124
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call...
WordPress Magic Fields 2 Cross Site Scripting
Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin. Burak Kelebek, July 2016...