osTicket 1.10 - SQL Injection (PoC)

ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...

FineCMS 1.0 Cross Site Scripting / SQL Injection

Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: sohaip-hackerDZ Author Web:...

Activity Stream Gadget causing high memory/CPU consumption

+Problem Definition+ Activity Stream Gadget causing high memory/CPU consumption when there is 1 million+ of records in the AO563AEEACTIVITYENTITY table. In this particular case, found that majority of these records are from 3rd party plugins Insight. However, do note that this can happen to any...

WordPress Gallery Transformation plugin 1.0 - Blind SQL Injection vulnerability

Blind SQL Injection vulnerability found by Larry W. Cashdollar in WordPress Gallery Transformation plugin 1.0 version. SQL injection vulnerability lies in ./wordpress-gallery-transformation/gallery.php file, $jpic parameter passed into an SQL query unsanitized. Solution The plugin already removed...

Red-Gate SQL Monitor 3.10 4.2 - Authentication Bypass

Red-Gate SQL Monitor 3.10 4.2 - Authentication Bypass Exploit Title: Red-Gate SQL Monitor authentication bypass Version: Redgate SQL Monitor before 3.10 and 4.x before 4.2 Date: 2017-08-10 Red-Gate made a security announcement and publicly released the fixed version more than two years before thi...

[20170901] - Core - Information Disclosure

A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state...

About the security content of watchOS 3.2.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB

GaussDB has a buffer overflow vulnerability. An authenticated, remote attacker could use a specially crafted string in an SQL query to cause the database to crash, or lead to privilege escalation. Vulnerability ID: HWPSIRT-2017-05016 This vulnerability has been assigned a Common Vulnerabilities a...

InsightVM/Nexpose Patch Tuesday Reporting

Many of our customers wish to report specifically on Microsoft patch related vulnerabilities. This often includes specific vulnerabilities that are patched in Patch Tuesday updates. This post will show you the various ways that you can create reports for each of these. Remediation Projects...

Joomla! v3. 7 SQL injection high-risk vulnerability is a technical analysis of CVE-2017-8917-a vulnerability warning-the black bar safety net

comfields components loopholes, comfields Assembly is in 3. 7 version Added, if you use this version, will be affected and should be updated soon. This component publicly accessible, which means that any be able to access your site the user can initiate the attack. Vulnerability details ! From th...

Huiwen opac of the library back door leads to the source of the leak

0x00 description Hui Wen libsys library opac system is a colleges and universities to use more of the system, the user has Xiamen University, Nanjing University, Dalian Polytechnic University, Nankai University and many other schools. The system used is Oracle + the php, not from public contact t...

TYPO3 CMS news management module SQL injection vulnerability

The News module, the 20th most used module of TYPO3, is subject to an SQL injection vulnerability. Although the author has been contacted numerous times in the span of 4 months, no fix has been provided. We are therefore releasing the details. Also, it should be noted that the vulnerability is on...

CVE-2016-8940

IBM Tivoli Storage Manager IBM Spectrum Protect 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these...

IBM Spectrum Protect Server 7.1.1.0 - 7.1.7.0 SELECT Command RCE

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.1.0 through 7.1.7.0. It is, therefore, affected by a buffer overflow condition when handling the SELECT command in a SQL query due to improper validation of input. An authenticated, remote...

Buffer overflow

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference : 1998747...

CVE-2016-8998

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference : 1998747...

CVE-2016-8998

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference : 1998747...

Sql injection

An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil...

Schoolhos CMS 2.29 - Remote Code Execution SQL Injection

Schoolhos CMS 2.29 - Remote Code Execution SQL Injection \x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload'...

Alienvault OSSIM/USM 5.3.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection...