Lucene search

256 matches found

CVE
added 2017/12/18 5:0 p.m., 42 views

CVE-2017-15877

The CVE-2017-15877 entry concerns GPWeb 8.4.61, where an Insecure Permissions issue in db.php allows remote attackers to view password and user databases. This is supported by multiple connected records (NVD entry and CNVD/PRION/CVELIST variants) referencing GPWeb 8.4.61 and information disclosur...

9.8 CVSS, 9.3 AI score, 0.01435 EPSS
Exploits: 1, References: 1, Affected Software: 1
exploitpack
added 2017/12/08 12:0 a.m., 16 views

Realestate Crowdfunding Script 2.7.2 - pid SQL Injection

Realestate Crowdfunding Script 2.7.2 - pid SQL Injection Exploit Title: Realestate Crowdfunding Script 2.7.2 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/realestate-crowdfunding-script/ Demo:...

Exploits: 0
Metasploit
added 2017/06/17 1:49 a.m., 59 views

SurgeNews User Credentials

This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files. This module extracts the...

7.1 AI score
Exploits: 0
Veracode
added 2017/05/02 2:56 a.m., 16 views

Blind SQL Injection

CloudFoundry User Account and Authentication (UAA) is vulnerable to blind SQL injections. A malicious user can cause a blind SQL injection when executing a simple query to the user database...

6.5 CVSS, 7.1 AI score, 0.00974 EPSS
Exploits: 0, References: 2, Affected Software: 2
RedhatCVE
added 2017/04/27 9:48 a.m., 26 views

CVE-2017-1000356

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in th...

8.8 CVSS, 4.2 AI score, 0.07088 EPSS
Exploits: 1, References: 2
Prion
added 2017/04/14 6:59 p.m., 13 views

Sql injection

SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database...

7.5 CVSS, 9.6 AI score, 0.01022 EPSS
Exploits: 0, References: 1, Affected Software: 1
myhack58
added 2017/03/16 12:0 a.m., 88 views

DAHUA technology camera products unauthorized access vulnerability technical analysis and protection solution-vulnerability warning-the black bar safety net

Recently, the well-known domestic camera/DVR manufacturer DAHUA technology (Dahua Technology) released firmware upgrade patches for some of its products to fix an important security issue. However, in official statement released before the discovery of this vulnerability, security experts Bashis...

0.5 AI score
Exploits: 0
CNVD
added 2017/03/16 12:0 a.m., 3 views

Dahua Technology Camera Products Unauthorized Access Vulnerability

DH-IPC-HDW23A0RN-ZS, DH-IPC-HFW13A0SN-W, DHI-HCVR51A04HE-S3 are some of the many camera products from Dahua Technology. The unauthorized access vulnerability exists in Dahua's camera products, which allows an attacker to access the user database of a camera product with non-administrator...

6.9 AI score
Exploits: 0, References: 1
The Hacker News
added 2017/03/15 11:10 p.m., 15 views

Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History

In the digital world, it just takes one click to get the keys to the kingdom. Do you know spear-phishing was the only secret weapon behind the biggest data breach in history? It’s true, as one of the Yahoo employees fell victim to a simple phishing attack and clicked one wrong link that let t...

7 AI score
Exploits: 0
ThreatPost
added 2017/03/15 1:32 p.m., 13 views

FSB Officers, Criminal Hackers Indicted in Yahoo Breach

The U.S. Department of Justice today indicted four individuals, including two Russian FSB officers, it alleges are connected to a massive breach of Yahoo’s network and the theft of information associated with 500 million accounts. One of the men, Karim Baratov, 22, was arrested March 14 in Canada...

0.6 AI score
Exploits: 0, References: 4
The Hacker News
added 2017/02/05 6:52 a.m., 15 views

Anonymous Hacker took down over 10,000 Dark Web Sites; Leaked User Database

Dark Web is right now going through a very rough time. Just two days ago, a hacker group affiliated with Anonymous broke into the servers of Freedom Hosting II and took down more than 10,000 Tor-based .onion dark websites with an alarming announcement to its visitors, which said: "Hello, Freedom...

6.9 AI score
Exploits: 0
FreeBSD
added 2017/01/11 12:0 a.m., 26 views

ikiwiki -- authentication bypass vulnerability

ikiwiki reports: The ikiwiki maintainers discovered further flaws similar to CVE-2016-9646 in the passwordauth plugin's use of CGI::FormBuilder, with a more serious impact: An attacker who can log in to a site with a password can log in as a different and potentially more privileged user. An...

5.3 CVSS, 7.7 AI score, 0.01178 EPSS
Exploits: 0, References: 1
Packet Storm
added 2016/07/25 12:0 a.m., 21 views

CodoForum 3.2.1 SQL Injection

Advisory Information ======================================== Title : CodoForum = 3.2.1 Remote SQL Injection Vulnerability Vendor Homepage : https://codoforum.com/ Remotely Exploitable : Yes Versions Affected : Prior to 3.2.1 Tested on : Ubuntu Apache | PHP 5.5.9 | MySQL 5.5 Vulnerability : SQL...

0.3 AI score
Exploits: 0
ArchLinux
added 2016/03/07 12:0 a.m., 76 views

lib32-openssl: multiple issues

CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...

10 CVSS, 5.1 AI score, 0.82112 EPSS
Exploits: 2, References: 7
ArchLinux
added 2016/03/07 12:0 a.m., 55 views

openssl: multiple issues

CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...

10 CVSS, 5 AI score, 0.82112 EPSS
Exploits: 2, References: 7
Tenable Nessus
added 2016/03/02 12:0 a.m., 90 views

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2914-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2914-1 advisory. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs...

10 CVSS, 7.8 AI score, 0.32414 EPSS
Exploits: 1, References: 6
OpenVAS
added 2016/03/02 12:0 a.m., 44 views

Ubuntu: Security Advisory (USN-2914-1)

The remote host is missing an update for the...

10 CVSS, 8.3 AI score, 0.32414 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2016/01/26 7:12 p.m., 4 views

jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)

It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges...

4.6 CVSS, 7.3 AI score, 0.01569 EPSS
Exploits: 0, References: 5
Prion
added 2015/10/16 8:59 p.m., 18 views

Authentication flaw

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

4.6 CVSS, 7.1 AI score, 0.01569 EPSS
Exploits: 0, References: 4, Affected Software: 2
Check Point Advisories
added 2015/09/08 12:0 a.m., 0 views

Revived Wire Media PHP File Manager Username Backdoor

An attacker might use a backdoor which exists in PHP File Manager's user database. A successful exploitation might allow the attacker to create an administrator user on vulnerable installations or to run arbitrary code...

3 AI score
Exploits: 0