5981 matches found

OSV
added 2017/06/06 3:29 p.m. · 16 views

CVE-2017-9449

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...

8.8 CVSS · 8.2 AI score
Exploits: 0 · References: 1

CNVD
added 2017/06/06 12:00 a.m. · 2 views

Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08541)

Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL, from the US company Fastspot. A SQL injection vulnerability exists in Fastspot BigTree CMS version 4.2.18 and earlier. The vulnerability can be exploited by remote attackers to execute arbitrary SQL...

8.8 CVSS · 8.7 AI score · 0.01607 EPSS
Exploits: 1 · References: 1

0day.today
added 2017/05/24 12:00 a.m. · 21 views

NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion Vulnerabilities

Exploit for jsp platform in category web applications ''' Exploit Title: Add User Account with Admin Privilege without Login & Local File Inclusion Date: 2017-05-21 Exploit Author: f3ci Vendor Homepage: http://www.netgain-systems.com Software Link:...

7.1 AI score
Exploits: 0

OSV
added 2017/05/23 9:29 p.m. · 3 views

UBUNTU-CVE-2017-8310

Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process causing a denial of service via a crafted subtitles file...

5.5 CVSS · 6.8 AI score · 0.01258 EPSS
Exploits: 0 · References: 2

CNVD
added 2017/05/23 12:00 a.m. · 1 views

Linux kernel denial of service vulnerability (CNVD-2017-07507)

The Linux kernel is the kernel used by the Linux operating system, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'sctp_v6_create_accept_sk' function in the net/sctp/ipv6.c file in Linux kernel versions 4.11.1 and earlier, which stems from the...

7.8 CVSS · 5.9 AI score · 0.00366 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2017/05/19 12:00 a.m. · 5 views

PT-2017-2223 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1. Description: The issue is related to the sctp_v6_create_accept_sk function in net/sctp/ipv6.c, which mishandles inheritance. This allows local users to cause a denial of service or possibly have other...

10 CVSS · 7.7 AI score · 0.60631 EPSS
Exploits: 104 · References: 898

Prion
added 2017/05/11 5:29 p.m. · 13 views

Cross site scripting

Invision Power Services IPS Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announcecontent parameter in an index.php?/modcp/announcements/&action=create request. This is...

7.5 CVSS · 9.1 AI score · 0.0189 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CNVD
added 2017/05/11 12:00 a.m. · 2 views

SQL injection vulnerability in the create_share.php page of TreeHole's external link system

The Treehole external link system is a free and open source PHP external-link network disk system that supports three storage methods (Qiniu, local, and remote) and multiple users. The create_share.php page of Treehole has a SQL injection vulnerability because the program fails to filter...

7.8 AI score
Exploits: 0

CNVD
added 2017/05/02 12:00 a.m. · 1 views

Privilege control logic vulnerability in Zendo project management software

Zendo is an open source project management software. The authorize function in the backend module\user\model.php of the Zendo project management software has a privilege control logic vulnerability, which leads to the users in the upper management group privilege 9 to use the create and update...

7.2 AI score
Exploits: 0

CNVD
added 2017/04/28 12:00 a.m. · 2 views

Jenkins User Login Information Disclosure Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Jenkin...

8.8 CVSS · 6.4 AI score · 0.01238 EPSS
Exploits: 1 · References: 1

CNVD
added 2017/04/28 12:00 a.m. · 1 views

Oracle Marketing Unauthorized Operation Vulnerability (CNVD-2017-06406)

Oracle E-Business Suite is Oracle's fully integrated suite of global business management software, of which Oracle Marketing is a component for managing marketing-related information and processes. A security vulnerability exists in the User Interface subcomponent of the Oracle...

7.1 CVSS · 6.5 AI score · 0.01299 EPSS
Exploits: 0 · References: 1

Veracode
added 2017/04/24 12:58 a.m. · 16 views

Cross-site Scripting (XSS)

manila-ui is vulnerable to reflected cross-site scripting (XSS). The Create Share form takes user-supplied metadata and passes it to a call to mark_safe. This allows remotely authenticated, but unprivileged users to insert JavaScript code...

5.4 CVSS · 5.1 AI score · 0.01266 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2017/04/21 3:59 p.m. · 25 views

CVE-2016-6519

Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

5.4 CVSS · 5.3 AI score
Exploits: 0 · References: 7

OSV
added 2017/04/21 3:59 p.m. · 2 views

DEBIAN-CVE-2016-6519

Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

5.4 CVSS · 5 AI score · 0.01266 EPSS
Exploits: 0 · References: 1

Cvelist
added 2017/04/21 3:00 p.m. · 35 views

CVE-2016-6519

Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

5.1 AI score · 0.01266 EPSS
Exploits: 0 · References: 7

Debian CVE
added 2017/04/21 3:00 p.m. · 23 views

CVE-2016-6519

Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

5.4 CVSS · 5.2 AI score · 0.01266 EPSS
Exploits: 0

CNVD
added 2017/04/21 12:00 a.m. · 3 views

Unitrends Enterprise Backup File Upload Vulnerability

Unitrends Enterprise Backup is backup software that incorporates cloud continuity services to ensure the recovery of your virtual, physical and cloud data, systems and applications. A file upload vulnerability exists in the createReportName and saveReport functions in Unitrends Enterprise Backup'...

8.8 CVSS · 7.9 AI score · 0.04318 EPSS
Exploits: 1 · References: 1

exploitpack
added 2017/04/20 12:00 a.m. · 11 views

Apple WebKit Safari 10.0.2(12602.3.12.0.1) - PrototypeMap::createEmptyStructure Universal Cross-Site Scripting

Apple WebKit Safari 10.0.2(12602.3.12.0.1) - PrototypeMap::createEmptyStructure Universal Cross-Site Scripting jsCallee // newTarget may be an InternalFunction if we were called from Reflect.construct. JSFunction* targetFunction = jsDynamicCast<JSFunction*>(newTarget); if (LIKELY(targetFunction)) ... return...

Exploits: 0

seebug.org
added 2017/04/19 12:00 a.m. · 12 views

Apple WebKit: UXSS via PrototypeMap::createEmptyStructure

When creating an object in JavaScript, its |Structure| is created with the constructor's prototype's |VM|. Here are some snippets of that routine. Structure* InternalFunction::createSubclassStructure(ExecState* exec, JSValue newTarget, Structure* baseClass) ... if (newTarget && newTarget != exec->jsCallee...

6.9 AI score
Exploits: 0

CNVD
added 2017/04/12 12:00 a.m. · 2 views

QEMU 'hw/9pfs/9p.c' has multiple denial of service vulnerabilities

QEMU is open source emulator software. QEMU suffers from a denial of service vulnerability in the v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c, which allows a local attacker to exploit the vulnerability by submitting a special request to crash the application...

6 CVSS · 8.5 AI score · 0.00384 EPSS
Exploits: 0 · References: 1