
6036 matches found

Cvelist
added 2017/07/24 12:0 p.m. | 23 views

CVE-2017-11422

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

8.8 AI score | 0.00867 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2017/07/20 12:0 a.m. | 4 views

The vulnerability of the virtio_gpu_object_create function in the Linux operating system, which allows a hacker to cause a service failure

The vulnerability of the virtio_gpu_object_create function in the Linux operating system is related to a memory leak. Exploiting this vulnerability allows an attacker to cause a service failure (memory consumption) by triggering an initialization error...

7.8 CVSS | 6.4 AI score | 0.03763 EPSS
Exploits 0 | References 23 | Affected Software 1
Tenable Nessus
added 2017/07/20 12:0 a.m. | 563 views

Oracle Database Multiple Vulnerabilities (July 2017 CPU) (POODLE) (SWEET32)

The remote Oracle Database Server is missing the July 2017 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:
- A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting...

9.9 CVSS | 7.1 AI score | 0.99999 EPSS
Exploits 14 | References 10
OSV
added 2017/07/12 9:29 p.m. | 3 views

CVE-2017-11174

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

9.8 CVSS | 5.8 AI score | 0.01035 EPSS
Exploits 0 | References 1
Prion
added 2017/07/12 9:29 p.m. | 20 views

SQL injection

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

7.5 CVSS | 9.7 AI score | 0.01035 EPSS
Exploits 0 | References 1 | Affected Software 1
BDU FSTEC
added 2017/07/06 12:0 a.m. | 7 views

The vulnerability of the `gdImageCreate` function in the GD Graphics Library allows an attacker to trigger a service failure.

The vulnerability of the `gdImageCreate` function in the GD Graphics Library exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure (system slowdown) by using an overly large image size...

7.1 CVSS | 6.8 AI score | 0.03581 EPSS
Exploits 0 | References 3 | Affected Software 2
Citrix
added 2017/06/14 12:0 a.m. | 7 views

How to Create Web Link for Specific Citrix Secure App in XenMobile Store

This article describes how to create a web link for a specific Citrix Secure App in XenMobile Store...

7 AI score
Exploits 0
Packet Storm
added 2017/06/14 12:0 a.m. | 48 views

Alio Applicant Portal 6.0 SQL Injection


0.3 AI score
Exploits 0
ATTACKERKB
added 2017/06/13 7:29 p.m. | 3 views

CVE-2017-9605

The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...

5.5 CVSS | 5.6 AI score | 0.00384 EPSS
Exploits 0 | References 7
OSV
added 2017/06/13 7:29 p.m. | 1 views

DEBIAN-CVE-2017-9605

The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...

5.5 CVSS | 7.2 AI score | 0.00384 EPSS
Exploits 0 | References 1
NVD
added 2017/06/13 6:29 a.m. | 21 views

CVE-2017-6680

A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0...

7.5 CVSS | 7.6 AI score | 0.01352 EPSS
Exploits 0 | References 2
CNVD
added 2017/06/08 12:0 a.m. | 3 views

Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08707)

Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL, from the United States company Fastspot. A SQL injection vulnerability exists in Fastspot BigTree CMS 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

8.8 CVSS | 8.6 AI score | 0.01066 EPSS
Exploits 0 | References 1
0day.today
added 2017/06/07 12:0 a.m. | 50 views

Robert 0.5 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Robert 0.5 - Multiple Vulnerabilities XSS, CSRF, Directory traversal & SQLi Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website :http://robert.polosson.com/ Download link :...

7.1 AI score
Exploits 0
exploitpack
added 2017/06/07 12:0 a.m. | 40 views

Robert 0.5 - Multiple Vulnerabilities

Robert 0.5 - Multiple Vulnerabilities Exploit Title: Robert 0.5 - Multiple Vulnerabilities XSS, CSRF, Directory traversal & SQLi Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website :http://robert.polosson.com/ Download link :...

0.3 AI score
Exploits 0
Exploit DB
added 2017/06/07 12:0 a.m. | 50 views

Robert 0.5 - Multiple Vulnerabilities

Exploit Title: Robert 0.5 - Multiple Vulnerabilities XSS, CSRF, Directory traversal & SQLi Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website :http://robert.polosson.com/ Download link : https://github.com/RobertManager/robert/archive/master.zip Live demo :...

7.4 AI score
Exploits 0
OSV
added 2017/06/06 3:29 p.m. | 18 views

CVE-2017-9449

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...

8.8 CVSS | 8.2 AI score
Exploits 0 | References 1
CNVD
added 2017/06/06 12:0 a.m. | 3 views

Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08541)

Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL, from the United States company Fastspot. A SQL injection vulnerability exists in Fastspot BigTree CMS version 4.2.18 and earlier. The vulnerability can be exploited by remote attackers to execute arbitrary SQL...

8.8 CVSS | 8.7 AI score | 0.01607 EPSS
Exploits 1 | References 1
0day.today
added 2017/05/24 12:0 a.m. | 21 views

NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion Vulnerabilities

Exploit for jsp platform in category web applications ''' Exploit Title: Add User Account with Admin Privilege without Login & Local File Inclusion Date: 2017-05-21 Exploit Author: f3ci Vendor Homepage: http://www.netgain-systems.com Software Link:...

7.1 AI score
Exploits 0
OSV
added 2017/05/23 9:29 p.m. | 4 views

UBUNTU-CVE-2017-8310

Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process causing a denial of service via a crafted subtitles file...

5.5 CVSS | 6.8 AI score | 0.01258 EPSS
Exploits 0 | References 2
CNVD
added 2017/05/23 12:0 a.m. | 1 views

Linux kernel denial of service vulnerability (CNVD-2017-07507)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'sctp_v6_create_accept_sk' function in the net/sctp/ipv6.c file in Linux kernel versions 4.11.1 and earlier, which stems from the...

7.8 CVSS | 5.9 AI score | 0.00366 EPSS
Exploits 1 | References 1