
1418 matches found

CNVD
added 2020/01/07 12:0 a.m. | 4 views

Gila CMS SQL Injection Vulnerability

Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in /admin/sql?query= in Gila CMS version 1.11.8. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker...

CVSS: 7.2 | AI score: 8.3 | EPSS: 0.62386
Exploits: 9 | References: 1

NVD
added 2019/12/18 6:15 p.m. | 17 views

CVE-2019-8600

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.12695
Exploits: 0 | References: 8

OSV
added 2019/12/18 6:15 p.m. | 1 view

CVE-2019-8600

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.12695
Exploits: 0 | References: 8

Prion
added 2019/12/18 6:15 p.m. | 27 views

Memory corruption

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

CVSS: 7.5 | AI score: 8.9 | EPSS: 0.12695
Exploits: 0 | References: 8 | Affected Software: 6

EUVD
added 2019/12/18 5:33 p.m. | 2 views

EUVD-2019-17990

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.12695
Exploits: 0 | References: 8

Cvelist
added 2019/12/18 5:33 p.m. | 20 views

CVE-2019-8600

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution...

AI score: 9.2 | EPSS: 0.12695
Exploits: 0 | References: 8

Packet Storm
added 2019/10/13 12:0 a.m. | 238 views

Joomla Sumoku 3.9.8 SQL Injection

Exploit Title : Joomla Sumoku 3.9.8 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/10/2019 Vendor Homepage : blueorangegames.com/sumoku/ Affected Version : 3.9.8 Tested On : Windows and Linux Category : WebApps Exploit Risk : Medium Vulnerabili...

AI score: 0.6
Exploits: 0

Microsoft KB
added 2019/09/24 12:0 a.m. | 57 views

Update Rollup 8 for System Center 2016 Orchestrator

Update Rollup 8 for System Center 2016 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2016 Orchestrator. This article also contains the installation instructions for this update. Issues that are fixed Runbook performing SQ...

AI score: 7.1
Exploits: 0

NVD
added 2019/07/04 10:15 p.m. | 13 views

CVE-2019-13292

A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.1092
Exploits: 1 | References: 1

Tenable Nessus
added 2019/07/04 12:0 a.m. | 48 views

Apple iTunes for Windows < 12.9.5 Multiple Vulnerabilities (credentialed check)

The version of Apple iTunes for Windows installed on the remote Windows host is prior to 12.9.5. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210124 advisory. - An application may be able to gain elevated privileges CVE-2019-8577 - A maliciously crafted SQL query...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.27687
Exploits: 5 | References: 26

Tenable Nessus
added 2019/05/24 12:0 a.m. | 36 views

Apple TV 12.0.0 and < 12.3 Multiple Vulnerabilities

Binary data 700719.prm...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.27687
Exploits: 12 | References: 36

Prion
added 2019/05/22 4:29 p.m. | 22 views

Sql injection

DISPUTED Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.16166
Exploits: 5 | References: 3 | Affected Software: 1

Tenable Nessus
added 2019/05/17 12:0 a.m. | 62 views

PostgreSQL 9.4.x < 9.4.22 / 9.5.x < 9.5.17 / 9.6.x < 9.6.13 / 10.x < 10.8 / 11.x < 11.3 Multiple vulnerabilities

The version of PostgreSQL installed on the remote host is 9.4.x prior to 9.4.22, 9.5.x prior to 9.5.17, 9.6.x prior to 9.6.13, 10.x prior to 10.8, or 11.x prior to 11.3. It is, therefore, affected by multiple vulnerabilities. - A remote code execution vulnerability exists in both, the BigSQL and...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00419
Exploits: 1 | References: 5

Tenable Nessus
added 2019/05/15 12:0 a.m. | 45 views

macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-003)

The remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory CVE-2019-8603, CVE-2019-8560 - An application may be able to execute arbitrary code wit...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.27687
Exploits: 12 | References: 45

0day.today
added 2019/05/03 12:0 a.m. | 129 views

phpBB 3.2.5 Denial Of Service Vulnerability

Vulnerability information ========================= Title: phpBB Native Fulltext Search denial of service CVE ID: CVE-2019-9826 CVSSv3 score: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Vulnerability description ========================= Improper input validation in the Native Fulltext Search compone...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00642
Exploits: 1

CNVD
added 2019/03/14 12:0 a.m. | 0 views

Joomla Component XMap SQL Injection Vulnerability

Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla component XMap. The flaw is due to input passed to 'index.php' via the 'view=' and 'itemID=' parameters failing to be properly filtered before being used in SQL queries. An attacker could...

AI score: 8.1
Exploits: 0 | References: 1

Packet Storm
added 2019/02/22 12:0 a.m. | 167 views

Quest NetVault Backup Server Code Execution / SQL Injection

Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 CVE : CVE-2017-17417 There is a decent...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.15977
Exploits: 5

Packet Storm
added 2019/02/11 12:0 a.m. | 122 views

Joomla AcePolls 3.x SQL Injection

Exploit Title : Joomla AcePolls 3.x SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 10/02/2019 Vendor Homepage : joomace.net Software Download Link : joomace.net/downloads/acepolls...

AI score: 0.4
Exploits: 0

Packet Storm
added 2019/01/31 12:0 a.m. | 1949 views

Joomla JComments 3.0.5 SQL Injection

Exploit Title : Joomla JComments Components 3.0.5 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/01/2019 Vendor Homepage : joomlatune.com Software Download Link : joomlatune.com/jcomments-downloads.html Software Information Link :...

AI score: 0.6
Exploits: 0

Packet Storm
added 2019/01/29 12:0 a.m. | 128 views

CMSsite 1.0 SQL Injection

Exploit Title: CMSsite 1.0 - 'search' SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10 CVE: N/A...

Exploits: 0