6 matches found
Apereo CAS Authorization Issues Vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution. A security vulnerability exists in Apereo CAS 7.0.0-RC7 and earlier versions, which originates in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method that allows bypassing multiple authentications...
SOCKS5 Proxy Package for Go 安全漏洞
SOCKS5 Proxy Package for Go is an open source SOCKS5 proxy library for Go by Bitcoin in Go. SOCKS5 Proxy Package for Go suffers from a security vulnerability that stems from the fact that the RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loo...
Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-23732)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of the gotoURL method of the host object in Foxit Reader 9.2.0.9297 and...
SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System
Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C Multi-User Mall System v2.1.3 SQL injection vulnerability exists in the address and index methods, due to the system fails to filter user-supplied parameters. An attack...
SQL Injection Vulnerability in add_address Method of ShopSn V2.0 Mall System
ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of open source online store full network system. A SQL injection vulnerability exists in the userid parameter in the addaddress method of t...
Microsoft Now Using IP Address to Map Malware Infections
Microsoft has a new way of determining the geolocation of systems infected with malware, and it had subtle but relevant effects on the 11th volume of the Microsoft Security Intelligence Report. It’s a novel concept, instead of relying on an administrator-specified setting that anyone with hands a...