
849 matches found

exploitpack
added 2017/04/25 12:0 a.m., 15 views

WordPress Plugin Car Rental System 2.5 - SQL Injection

WordPress Plugin Car Rental System 2.5 - SQL Injection Exploit Title: Car Rental System v2.5 Date: 28/03/2017 Exploit Author: TAD GROUP Vendor Homepage: https://www.bestsoftinc.com/ Software Link: https://www.bestsoftinc.com/car-rental-system.html Version: 2.5 Contact: infoattad.group Website:...

0.4 AI score
Exploits 0

Tenable Nessus
added 2017/04/20 12:0 a.m., 40 views

MySQL Cluster 7.4.x < 7.4.15 DD Subcomponent Arbitrary Data Manipulation (April 2017 CPU)

The version of MySQL Cluster running on the remote host is 7.4.x prior to 7.4.15. It is, therefore, affected by an arbitrary data manipulation vulnerability in the DD subcomponent due to an unspecified flaw. An authenticated, remote attacker can exploit this to update, insert, or delete arbitrary...

5.5 CVSS, 6.6 AI score, 0.01404 EPSS
Exploits 0, References 4

Tenable Nessus
added 2017/04/20 12:0 a.m., 39 views

MySQL Cluster 7.5.x < 7.5.6 DD Subcomponent Arbitrary Data Manipulation (April 2017 CPU)

The version of MySQL Cluster running on the remote host is 7.5.x prior to 7.5.6. It is, therefore, affected by an arbitrary data manipulation vulnerability in the DD subcomponent due to an unspecified flaw. An authenticated, remote attacker can exploit this to update, insert, or delete arbitrary...

5.5 CVSS, 6.6 AI score, 0.01404 EPSS
Exploits 0, References 4

Tenable Nessus
added 2017/04/20 12:0 a.m., 49 views

MySQL Cluster 7.3.x < 7.3.17 DD Subcomponent Arbitrary Data Manipulation (April 2017 CPU)

The version of MySQL Cluster running on the remote host is 7.3.x prior to 7.3.17. It is, therefore, affected by an arbitrary data manipulation vulnerability in the DD subcomponent due to an unspecified flaw. An authenticated, remote attacker can exploit this to update, insert, or delete arbitrary...

5.5 CVSS, 6.6 AI score, 0.01404 EPSS
Exploits 0, References 4

Tenable Nessus
added 2017/04/18 12:0 a.m., 54 views

Palo Alto Networks PAN-OS 7.0.x < 7.0.14 / 7.1.x < 7.1.9 Multiple Vulnerabilities (PAN-SA-2017-0008 - PAN-SA-2017-0010)

The version of Palo Alto Networks PAN-OS running on the remote host is 7.0.x prior to 7.0.14 or 7.1.x prior to 7.1.9. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the Management Web Interface due to improper validation of certain request parameters. An authenticated...

9.8 CVSS, 6.9 AI score, 0.02602 EPSS
Exploits 0, References 6

Packet Storm
added 2017/02/13 12:0 a.m., 42 views

Cimetrics BACnet Explorer 4.0 XXE Injection

Cimetrics BACnet Explorer 4.0 XXE Vulnerability Vendor: Cimetrics, Inc. Product web page: https://www.cimetrics.com Affected version: 4.0.0.0 Summary: The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Desc: BACnetExplorer suffers from an XML External Enti...

7.4 AI score
Exploits 0

Exploit DB
added 2017/02/12 12:0 a.m., 38 views

Cimetrics BACnet Explorer 4.0 - XML External Entity Injection

Cimetrics BACnet Explorer 4.0 XXE Vulnerability Vendor: Cimetrics, Inc. Product web page: https://www.cimetrics.com Affected version: 4.0.0.0 Summary: The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Desc: BACnetExplorer suffers from an XML External Enti...

7.4 AI score
Exploits 0

Exploit DB
added 2017/02/01 12:0 a.m., 74 views

LogoStore - 'query' SQL Injection

Exploit Title: LogoStore - SQL Injection Date: 27.01.2017 Software Link: https://codecanyon.net/item/logostore-buy-and-sell-logos-online/19379630 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview LogoStore is a web...

7.4 AI score
Exploits 0

Packet Storm
added 2017/01/31 12:0 a.m., 57 views

Itech News Portal Script 6.28 SQL Injection

Exploit Title: Itech News Portal Script v6.28 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/news-portal-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...

Exploits 0

Exploit DB
added 2017/01/30 12:0 a.m., 56 views

Itech Dating Script 3.26 - SQL Injection

Exploit Title: Itech Dating Script v3.26 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/dating-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview...

7.4 AI score
Exploits 0

Exploit DB
added 2017/01/30 12:0 a.m., 54 views

Itech News Portal Script 6.28 - 'inf' SQL Injection

Exploit Title: Itech News Portal Script v6.28 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/news-portal-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...

7.4 AI score
Exploits 0

Exploit DB
added 2017/01/30 12:0 a.m., 63 views

Itech Video Sharing Script 4.94 - 'v' SQL Injection

Exploit Title: Video Sharing Script 4.94 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/video-sharing-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...

7.4 AI score
Exploits 0

Exploit DB
added 2017/01/30 12:0 a.m., 50 views

Itech Freelancer Script 5.13 - SQL Injection

Exploit Title: Itech Freelancer Script v5.13 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/freelancer-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...

7.4 AI score
Exploits 0

exploitpack
added 2017/01/30 12:0 a.m., 21 views

Itech Dating Script 3.26 - SQL Injection

Itech Dating Script 3.26 - SQL Injection Exploit Title: Itech Dating Script v3.26 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/dating-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com...

Exploits 0

Packet Storm
added 2017/01/29 12:0 a.m., 22 views

My Photo Gallery 1.0 SQL Injection

Introduction Exploit Title: My Photo Gallery – SQL Injection Date: 27.01.2017 Vendor Homepage: http://software.friendsinwar.com/ Software Link: http://software.friendsinwar.com/news.php?readmore=40 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web...

0.5 AI score
Exploits 0

exploitpack
added 2017/01/27 12:0 a.m., 23 views

Maian Weblog 4.0 - SQL Injection

Maian Weblog 4.0 - SQL Injection Introduction Exploit Title: Maian Weblog – SQL Injection Date: 27.01.2017 Vendor Homepage: http://www.maianweblog.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Simple blog system...

0.3 AI score
Exploits 0

exploitpack
added 2017/01/27 12:0 a.m., 16 views

My Photo Gallery 1.0 - SQL Injection

My Photo Gallery 1.0 - SQL Injection Introduction Exploit Title: My Photo Gallery – SQL Injection Date: 27.01.2017 Vendor Homepage: http://software.friendsinwar.com/ Software Link: http://software.friendsinwar.com/news.php?readmore=40 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom...

0.5 AI score
Exploits 0

Check Point Advisories
added 2016/12/08 12:0 a.m., 7 views

WordPress Symposium Plugin SQL Injection (CVE-2015-6522)

An SQL injection vulnerability exists in the WordPress Symposium Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

7.5 CVSS, 4.3 AI score, 0.74127 EPSS
Exploits 5

Mageia
added 2016/09/25 11:41 a.m., 38 views

Updated libarchive packages fix security vulnerability

The updated packages fix several security vulnerabilities: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with...

7.5 CVSS, 2.4 AI score, 0.04669 EPSS
Exploits 1, References 9

OSV
added 2016/09/12 1:59 a.m., 15 views

CVE-2016-7125

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection...

7.5 CVSS, 8.8 AI score
Exploits 0, References 10