4193 matches found
CVE-2017-16682
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application...
CVE-2017-1606
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:...
Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function an...
IBM Financial Transaction Manager SQL Injection Vulnerability
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) is a cross-platform financial transaction manager from IBM, USA, which is used to monitor, track and report on financial payments and transactions. A SQL injection vulnerability exists in IBM FTM for MP versions 3.0.0.0 through 3.0.0.7,...
Replay Attack
github.com/hyperledger/fabric is vulnerable to replay attacks. The library does not verify that the TxID of a transaction is unique, allowing a malicious user to possibly overwrite a currently existing transactionID...
SAP NetWeaver Internet Transaction Server Command Injection Vulnerability
SAP NetWeaver is a service-oriented, integrated application platform from SAP, of which the Internet Transaction Server (ITS) is a server for applications to communicate with the Internet. A command injection vulnerability exists in ITS in SAP NetWeaver. An attacker could exploit this vulnerability...
IBM Financial Transaction Manager Information Disclosure Vulnerability
IBM Financial Transaction Manager (FTM) for ACH Services, among others, is a financial transaction manager product from IBM Corporation in the United States, which is used to monitor, track and report on financial payments and transactions. An information disclosure vulnerability exists in IBM FTM...
Design/Logic Flaw
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735...
CVE-2017-1538
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735...
CVE-2017-1538
CVE-2017-1538 affects IBM Financial Transaction Manager for ACH Services, Check Services, and CPS on Multi-Platform 3.0.2.x–3.0.4.x. An authenticated user could obtain sensitive information from an undocumented URL. IBM’s bulletin lists affected versions (3.0.2.0–3.0.2.1, 3.0.3.0, 3.0.4.0) and re...
Secure E-commerce Script 1.02 - sid Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Secure E-commerce Script v1.02 - SQL Injection Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/secure-e-commerce-script/ Version: 1.02 Tested on: Kali...
Aerospike Database Server Client Batch Request Code Execution Vulnerability (CVE-2016-9051)
Summary: An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attack...
USN-3346-2 bind9 regression
USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key (KSK)...
SQL injection
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) checkdownload and possibly (2) checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
Fedora 24 : libdb (2017-014d67fa9d)
Security fix for DBCONFIG parsing when dbhome is not set. This update also introduces modified fixes for rhbz1394862 once again and additionally fixes ppc specific hangs described in rhbz1460003. Please be aware that this update is expected to cause DBVERSIONMISMATCH errors during installation if...
Knot DNS TSIG Authentication Bypass Vulnerability
Knot DNS is a high-performance DNS server developed by the Czech Network Information Center (CZ.NIC) that supports all the key features of the DNS system, such as zone switching, dynamic updates and DNS Security Extensions (DNSSEC). A security vulnerability exists in Knot DNS. An attacker could explo...
UBUNTU-CVE-2017-11104
Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check...