7426 matches found
Joombri Freelance, pre 1.6.5, SQLi
JoomBri Freelance extension pre 1.6.5 suffers a major SQLi exploit. No contact from developer. Notified by Ruth Cheesley...
TYPO3 Developer Log Extension SQL Injection Vulnerability
TYPO3 is a free and open source content management system, and Developer Log is one of the log extension plugins. A SQL injection vulnerability exists in the TYPO3 Developer Log extension, which allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to...
CVE-2015-4613
SQL injection vulnerability in the backend module in the Developer Log devlog extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the backend module in the Developer Log devlog extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors...
Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Web Console v2 Whitelist Bypass Code Execution', 'Description' = %q This module exploits an IP whitelist bypass...
Crouton - Chromium OS Universal Chroot Environment
crouton is a set of scripts that bundle up into an easy-to-use, Chromium OS-centric chroot generator. Currently Ubuntu and Debian are supported using debootstrap behind the scenes, but "Chromium OS Debian, Ubuntu, and Probably Other Distros Eventually Chroot Environment" doesn't acronymize as wel...
chicken -- Potential buffer overrun in string-translate*
chicken developer Peter Bex reports: Using gcc's Address Sanitizer, it was discovered that the string-translate procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate. This issue was fix...
JVN#52478686: MilkyStep vulnerable to SQL injection
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability (CWE-89). Impact: An attacker who can access the product may execute an arbitrary SQL command. Solution: Update the Software. Update to the latest version accordin...
JVN#05559185: MilkyStep vulnerable to OS command injection
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability (CWE-78). Impact: An arbitrary OS command may be executed by an attacker. Solution: Update the Software. Update to the latest version according to the...
Apple Mac OS X 10.11 'El Capitan' Update unveiled at WWDC 2015
After Google made its Android users happy by unveiling new features in Google I/O developer conference last month, it’s now time for Apple fans…WWDC 2015 event is upon us. Apple’s Worldwide Developers Conference is going on in San Francisco and the company has many new surprises for its users. On...
Author Behind Ransomware Tox Calls it Quits, Sells Platform
Earlier this week, when the author behind the crypto-ransomware Locker apologized and released decryption keys for his victims, it seemed like a change of heart, uncharacteristic for an attacker. Now another ransomware creator has also decided to cut his losses and get out of the game – but not...
Malicious Minecraft apps affect 600,000 Android Users
So you love Minecraft? You might want to be very careful before downloading the cheats for the popular Minecraft game from Google Play Store. Nearly 3 Million users have downloaded malicious Minecraft Android applications for their smartphones and tablets from the Google Play store, security...
(0Day) Visual Mining NetCharts Server Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetCharts Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Developer tools. An attacker can use the projectContents.jsp page t...
OS Property - Joomla Real Estate sqli pre 2.8.1
OS Property - Joomla Real Estate SQLi. 12th May 2014 - New version 2.8.1. Bug Fixed: 1. SQL Injection solved. Developer did not inform VEL...
Google Changes Policy on Chrome Extensions
Google is rolling out a new policy that will force all Windows and Mac users to install Chrome extensions only from the Chrome Web store. The company last year began enforcing this policy for Windows users on the main, stable channel for Chrome. Google offers several different channels for Chrome...
WordPress Developer Formatter Plugin <= 2013.0.1.40 - Cross Site Scripting
This plugin is prone to a devformatter.php multiple field cross site scripting vulnerability. Solution: Update the plugin...
Instant v2.0 SQL Injection Vulnerability
Instant v2.0 SQL Injection Vulnerability...
Android M — Latest Google Android OS to be Unveiled This Month
While the majority of smartphone users are waiting for the Android 5.0 Lollipop update for their devices, Google is soon going to launch the next version of Android at its official Google I/O 2015 developer event on May 28 in San Francisco. Android M — The name of the latest version of Android mobile...
WordPress Plugin Freshmail 1.5.8 - SQL Injection
Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Version: getrow'select from '.$wpdb-prefix.'fmforms where formid="'.$result'fmformid'.'";'...