Lucene search

934 matches found

Hacker One
added 2016/12/14 2:37 p.m. | 26 views

LocalTapiola: SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi)

Basic report information Summary: Hi, The ctxvarsemail parameter in http://viestinta.lahitapiola.fi/webApp/lapsuudenturva, can be exploited to perform an SQL Injection Attack. The parameter is ctxvarsemail Description: The value inside the ctx tag isn't properly sanitized for user input, it ca...

0.1 AI score
Exploits 0
Hacker One
added 2016/12/06 9:1 a.m. | 21 views

Internet Bug Bounty: Invalid read when wddx decodes empty boolean element

Description ----------- I have found some vulnerable code in wddx extension. The trouble happens when trying to process 'boolean' tag. If I open tag without data, new stentry item WILL NOT be pushed into stack. When tag is closed and stack-top is greater than 1, stentry item at top of stack WILL ...

6.9 AI score
Exploits 0
Akamai Blog
added 2016/11/03 7:0 a.m. | 12 views

Yes, My Name is ||

Different cultures and nationalities have different naming conventions; I came from one that led me to face the universe with the personal name "Or". In fact, my name has different meanings in different languages. In English the meaning of "Or" is a function word that indicates alternatives and in...

2.9 AI score
Exploits 0
seebug.org
added 2016/10/19 12:0 a.m. | 15 views

NetBilleterie 2.8 SQL Injection / Information Disclosure

phpinfo 200 = http://localhost/netbilletterie/phpinfo.php SQL Injection Type: time-based blind 200 = http://localhost/netbilletterie/listerdetailbon.php?datedebut= 200 = http://localhost/netbilletterie/listerpointesok.php?datedebut= 302 = http://localhost/netbilletterie/deletearticle.php?article=...

8 AI score
Exploits 0
Packet Storm
added 2016/10/13 12:0 a.m. | 30 views

NetBilleterie 2.8 SQL Injection / Information Disclosure

Exploit Title: NetBilletterie 2.8 | Multiple Vulnerabilities Date: 14/07/16 Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Vendor Homepage: http://net-billetterie.tuxfamily.org/ Software Link: https://sourceforge.net/projects/netbilletterie/files/ Demo Link:...

7.4 AI score
Exploits 0
0day.today
added 2016/10/12 12:0 a.m. | 29 views

NetBilletterie 2.8 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: NetBilletterie 2.8 | Multiple Vulnerabilities Date: 14/07/16 Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Vendor Homepage: http://net-billetterie.tuxfamily.org/ Software Link:...

7.1 AI score
Exploits 0
OSV
added 2016/09/17 9:59 p.m. | 2 views

ALPINE-CVE-2016-7418

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

7.5 CVSS | 7.7 AI score | 0.11402 EPSS
Exploits 1 | References 1
Cvelist
added 2016/09/17 9:0 p.m. | 28 views

CVE-2016-7418

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

9.2 AI score | 0.11402 EPSS
Exploits 1 | References 10
OSV
added 2016/09/11 12:0 a.m. | 1 view

UBUNTU-CVE-2016-7132

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as...

7.5 CVSS | 7.2 AI score | 0.0883 EPSS
Exploits 1 | References 6
CNVD
added 2016/04/24 12:0 a.m. | 3 views

Joyent Node.js UglifyJS Security Bypass Vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js UglifyJS allows remote attackers to alter functionality using specially crafted Javascript files, as the program fails to properly handle Non-Boolean comparisons...

9.8 CVSS | 8 AI score | 0.03559 EPSS
Exploits 1 | References 1
Exploit DB
added 2016/04/20 12:0 a.m. | 19 views

PHPBack 1.3.0 - SQL Injection

/ + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt Vendor: ================ www.phpback.org Product: ================ PHPBack v1.3.0 Vulnerability Type: =================== SQL Injection CVE Reference:...

7.4 AI score
Exploits 0
CakePHP
added 2016/03/28 12:0 a.m. | 22 views

CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released

The CakePHP core team is happy to announce the immediate availability of CakePHP 2.8.3, 3.0.18, 3.1.13, and 3.2.6. These releases contain security fixes. 3.2.6 and 2.8.3 also contain bugfixes. Security Fixes: These releases fix a weakness in...

7.2 AI score
Exploits 0
htbridge
added 2016/01/07 12:0 a.m. | 513 views

SSO Authentication Bypass and Website Takeover in DOKEOS

High-Tech Bridge Security Research Lab discovered a high-risk vulnerability in a popular e-learning software DOKEOS. A remote unauthenticated attacker can bypass authentication process and login to the vulnerable website with an arbitrary account including administrator's one. Successful...

7.7 AI score
Exploits 0 | Affected Software 1
Oracle linux
added 2015/12/14 12:0 a.m. | 138 views

openssl security update

1.0.1e-51.1 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint 1.0.1e-51 - fix the CVE-2015-1791 fix broken server side renegotiation 1.0.1e-50 - improved fi...

7.5 CVSS | 1 AI score | 0.9986 EPSS
Exploits 3
Oracle linux
added 2015/11/23 12:0 a.m. | 66 views

openssh security, bug fix, and enhancement update

6.6.1p1-22 - Use the correct constant for glob limits 1160377 6.6.1p1-21 - Extend memory limit for remote glob in sftp acc. to stat limit 1160377 6.6.1p1-20 - Fix vulnerabilities published with openssh-7.0 1265807 - Privilege separation weakness related to PAM support - Use-after-free bug related...

8.5 CVSS | 0.2 AI score | 0.09302 EPSS
Exploits 1
Amazon
added 2015/11/23 12:0 a.m. | 35 views

Important: ganglia

Issue Overview: Ganglia-web auth can be bypassed using boolean serialization CVE-2015-6816. Affected Packages: ganglia Issue Correction: Run yum update ganglia or yum update --advisory ALAS-2015-612 to update your system. New Packages: i686: ganglia-gmetad-3.7.2-2.19.amzn1.i686 ...

9.8 CVSS | 9.6 AI score | 0.03562 EPSS
Exploits 1
0day.today
added 2015/10/29 12:0 a.m. | 55 views

Joomla JNews (com_jnews) Component 8.5.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component comjnews - SQL injection Google Dork: inurl:option=comjnews Date: 2015-10-29 Explo...

7.1 AI score
Exploits 0
Exploit DB
added 2015/10/29 12:0 a.m. | 42 views

Joomla! Component com_jnews 8.5.1 - SQL Injection

Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component comjnews - SQL injection Google Dork: inurl:option=comjnews Date: 2015-10-29 Exploit Author: Omer Ramić Twitter:...

7 AI score
Exploits 0
seebug.org
added 2015/10/12 12:0 a.m. | 37 views

Xiaowuyou School Website System TeachView.asp SQL Injection Vulnerability

The keyword is given in the summary. Then just find some websites: http://www.hainanez.com/TeachView.asp?id=33 http://www.lcztxx.com/TeachView.asp?id=1 http://www.yrenedu.com/TeachView.asp?id=37 http://www.tajx.com/TeachView.asp?id=25 http://nongxue.nyjj.net.cn/TeachView.asp?id=13 http://tuanwei.web.sdutcm.edu.cn/TeachView.asp?id=21...

7.1 AI score
Exploits 0
exploitpack
added 2015/09/18 12:0 a.m. | 22 views

Pligg CMS 2.0.2 - load_data_for_search.php SQL Injection

Pligg CMS 2.0.2 - load_data_for_search.php SQL Injection Exploit Title: Pligg CMS 2.0.2 SQL injection Date: 29-08-2015 Exploit Author: jsass Vendor Homepage: http://pligg.com Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip Version: 2.0.2 Tested on: kali sana 2.0 Q8 Gray Hat Team...

0.3 AI score
Exploits 0