725 matches found
CVE-2018-18997
The CVE-2018-18997 issue affects ABB GATE-E1 and GATE-E2 gateway Ethernet devices used in Pluto Safety PLC systems. The vulnerability stems from Improper Neutralization of Input During Web Page Generation (CWE-79): via the administrative web interface, an unauthenticated attacker can insert an HT...
ABB GATE-E1 and GATE-E2 Cross-Site Scripting Vulnerabilities
The ABB GATE-E1 and GATE-E2 are both Ethernet gateway devices from ABB Switzerland. A cross-site scripting vulnerability exists in ABB GATE-E1 EOL 2013 and GATE-E2 EOL OCT 2018, which can be exploited by a remote attacker to inject HTML/Javascript loads into arbitrary device property entries, whi...
ABB GATE-E2
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
The vulnerability of the Monitoring Manager component in the real-time data synchronization tool Oracle GoldenGate allows a hacker to gain full control over the application.
The vulnerability of the Monitoring Manager component in the real-time data synchronization tool Oracle GoldenGate arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain full control over the application using a TCP...
Gate Pass Management System 2.1 SQL Injection
Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.livebms.com Software Link: https://netcologne.dl.sourceforge.net/project/gatepass/gpmsUpdate.zip Version: 2.1 Category: Webapps Tested on:...
Gate Pass Management System 2.1 - 'login' SQL Injection
Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.livebms.com Software Link: https://netcologne.dl.sourceforge.net/project/gatepass/gpmsUpdate.zip Version: 2.1 Category: Webapps Tested on:...
South Gate Inn Online Reservation System 1.0 - q SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Exploit Title: South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/southgateinn0.zip...
Unspecified Vulnerability in Oracle GoldenGate (CNVD-2018-24130)
Oracle GoldenGate is the United States Oracle Oracle company for real-time data integration and replication in IT environments, a comprehensive software package, which supports real-time data integration, transactional change data capture, data services, transformation and validation capabilities...
Unspecified Vulnerability in Oracle GoldenGate (CNVD-2018-24129)
Oracle GoldenGate is the United States Oracle Oracle company for real-time data integration and replication in IT environments, a comprehensive software package, which supports real-time data integration, transactional change data capture, data services, transformation and validation capabilities...
angular-rome (>=0.2.4 <=0.2.9), api-gate (>=0.0.8 <=0.0.14) +74 more potentially affected by CVE-2018-16487 +1 more via lodash._basemerge (>=2.0.0 <=2.4.1)
lodash.basemerge NPM version =2.0.0, =0.2.4, =0.0.8, =0.1.2, =0.5.0, =0.0.3, =0.0.2, =0.0.0, =0.1.3, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.18, =1.1.16 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory: SNYK:JS-LODASHBASEMERGE-450200...
tapwhisky.com XSS vulnerability
Open Bug Bounty ID: OBB-663301 Description| Value ---|--- Affected Website:| tapwhisky.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability(CVE-2018-8120)
作者:bigric3 作者博客: 5月15日ESET发文其在3月份捕获了一个 pdf远程代码执行(cve-2018-4990)+windows本地权限提升(cve-2018-8120)的样本。ESET发文后,我从vt上下载了这样一份样本()。初步逆向,大致明确如外界所传,该漏洞处于开发测试阶段,不慎被上传到了公网样本检测的网上,由ESET捕获并提交微软和adobe修补。测试特征字符串如下 定位样本中关键的代码并调试分析...
gate-project.org XSS vulnerability
Open Bug Bounty ID: OBB-614247 Description| Value ---|--- Affected Website:| gate-project.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-2832
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. The supported version that is affected is 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate...
kubernetes security update
1.9.1-2.1.5 - Production built 1.9.1-2.1.5 - Fix the upgrade version check - Remove w/a from Orabug 27125915 1.9.1-2.1.4.dev - Make sure worker node upgrade properly - Orabug 27649898 1.9.1-2.1.3.dev - Ensure that the runtime mounts RO volumes read-only CVE-2017-1002102 - Update Dashboard version...
angular-rome (>=0.2.4 <=0.2.9), api-gate (>=0.0.8 <=0.0.14) +74 more potentially affected by CVE-2018-3721 via lodash._basemerge (>=2.0.0 <=2.4.1)
lodash.basemerge NPM version =2.0.0, =0.2.4, =0.0.8, =0.1.2, =0.5.0, =0.0.3, =0.0.2, =0.0.0, =0.1.3, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.18, =1.1.16 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHBASEMERGE-450201...
A week in security (January 15 – January 21)
Last week on Labs, we gave you some background information about cookies, specifically which ones to worry about and why. We also warned you about scams surrounding the Mega Millions winner, who promised to donate his money to good causes. We analyzed a cryptocurrency miner using a very old...
A coin miner with a “Heaven’s Gate”
You might call the last two years the years of ransomware. Ransomware was, without a doubt, the most popular type of malware. But at the end of last year, we started observing that ransomware was losing its popularity to coin miners. It is very much possible that this trend will grow as 2018...
gate-project.org XSS vulnerability
Open Bug Bounty ID: OBB-522993 Description| Value ---|--- Affected Website:| gate-project.org Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...