5978 matches found
The vulnerability of the Windows operating system allows a malicious attacker to execute a special application with privileges of the current user.
The Microsoft Windows operating system contains a vulnerability related to the presence of unauthorized tasks in the system. This vulnerability allows a malicious individual to execute a specially crafted application with privileges of the current user. If successful, the perpetrator will be able...
CVE-2015-3415
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by...
IBM InfoSphere BigInsights SQL Component Unauthorized Access Vulnerability
IBM InfoSphere BigInsights is a software platform from IBM in the United States for storing and analyzing "big data". The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. Big SQL is one of the SQL interface components. A security...
CVE-2015-1889
The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with...
Design/Logic Flaw
The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with...
Oracle Support Tools SQL Trace Analyzer Component Remote Vulnerability
Oracle Support Tools is a set of support tools from Oracle. SQL Trace Analyzer is one of its SQL trace analysis components. A security vulnerability exists in the Create Session subcomponent of the SQL Trace Analyzer component of Oracle Support Tools, which can be exploited by remote attackers to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp...
win32/xp sp3 Create "file.txt" 83 bytes
win32/xp sp3 Create "file.txt" 83 bytes. Shellcode exploit for win32 platform. Author: TUNISIAN CYBER; Title: Shellcode: win32/xp sp3 Create "file.txt" 83 bytes; Date: 15-04-2015; Type: Local Exploits; Tested on: WinXp 32bit SP3; Friendly Sites: sec4ever.com; Twitter: @TCYB3R; Credits:...
Oracle E-Business Suite suffers from a remote vulnerability (CNVD-2015-02471)
Oracle E-Business Suite is a new generation of e-business suite from Oracle. A remote security vulnerability exists in Oracle E-Business Suite. An attacker can exploit this vulnerability to compromise the 'Create Item Instance' subcomponent in the 'HTTP' protocol...
Oracle Database Server has a remote vulnerability (CNVD-2015-02522)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Oracle Database Server has a remote vulnerability (CNVD-2015-02521)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Create Item Instance...
CVE-2015-2565
Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Create Item Instance...
Unspecified Security Bypass Vulnerability in TYPO3
TYPO3 is a content management system. TYPO3 has a security vulnerability that allows remote editors to bypass security restrictions and access, modify, and create content for other editors...
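KingCms latest version (k9): one injection
Brief description: One injection in the latest KingCms version (k9). Details: A friend's company wanted to buy a kingcms license and asked me to take a look. I found that kingcms had not been updated for a long time; after holding back for a while it released the latest version, k9 (updated 2014-12-13), so I downloaded it from the official site to study it. I saw several vulnerabilities on wooyun, such as: WooYun: kingcms latest version SQL injection vulnerability. Injection point: POST /apps/jianli/index.php HTTP/1.1 Injection parameter: where. The problematic file is /apps/jianli/index.php function create $u=new user;$u-authrole'jianli'; $db=new...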
MongoDB Service Without Authentication Detection
MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without any authentication. A remote attacker can therefore connect to the database system in order to create, read, update, and delete documents, collections, and databases. T...
CVE-2015-1227
The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...
Google Chrome Blink Arbitrary Code Execution Vulnerability
Google Chrome is a web browsing tool developed by Google. A security vulnerability in the 'DragImage::create' function in the platform/DragImage.cpp file in Blink used in versions prior to Google Chrome 41.0.2272.76 stems from the program failing to properly initialize memory for image drawing. A...
CVE-2015-1227
The CVE-2015-1227 issue affects Google Chrome’s Blink rendering engine (DragImage::create in platform/DragImage.cpp). The root cause is uninitialized memory used for image drawing, as reported for Chrome versions prior to 41.0.2272.76. This memory initialization flaw could allow a remote attacker...