1049 matches found
Directory Traversal Vulnerability With Certain Route Configurations
There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow a...
MySQL: Extracting records into a single string using the built-in insert function
You all know about outputting the columns of a MySQL table in a single string, so meet the fourth method! But more on that a little later; for now, let's recall what is available today. From Dr.Z3r0's article "MySQL SQL Injection: the complete FAQ": 1. group_concat + Simple to use, small size - Limitation...
Road passenger Baba stored in plain text and any password get-vulnerability warning-the black bar safety net
Brief description: Passwords stored in plain text, plus cross-site worms, you know. Detailed description: Register at road passenger Baba and send a message, with the message content being the test code /textareascriptalertdocumeng. cookie/script. I registered two accounts, xxoo2013 and xxoo2014, the password is ...
CVE-2012-5182
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application...
Design/Logic Flaw
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application...
CVE-2012-5182
Loctouch for Android (3.4.6 and earlier) is vulnerable due to improper handling of implicit intents, enabling a crafted Android application to access sensitive logged location information. Affected product is Loctouch for Android; the root cause is implicit-intent handling. Impact, as described i...
Loctouch for Android vulnerable in handling of implicit intents
Overview: Loctouch for Android contains a vulnerability in the handling of implicit intents. Loctouch, provided by NHN Japan, is an application that logs location information. Gaku Mochizuki of Mitsui Bussan Secure...
JVN#42625179: Loctouch for Android vulnerable in handling of implicit intents
Loctouch, provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Impact: Location logs that include non-public information may be leaked to a third party through a malicious Android application...
CVE-2012-4005
The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application...
LINE for Android vulnerable in handling of implicit intents
Overview: LINE for Android contains a vulnerability in the handling of implicit intents. LINE for Android, provided by NHN Japan, is an application for communication with others. Gaku Mochizuki of Mitsui Bussan Secure...
JVN#67435981: LINE for Android vulnerable in handling of implicit intents
LINE for Android, provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Impact: Information such as messages sent by LINE may be leaked to a third party through a malicious application. Solution: Update...
Researchers Identify Serious Capability Leaks in Many Android Phones
Many of the apps that come pre-installed on a variety of Android devices from manufacturers such as HTC, Samsung, Google and others have access to more services and capabilities on the devices than they should or that users are aware they have, according to new research. These “capability leaks”...
Discover MaosinCMS website system vulnerability testing-vulnerability warning-the black bar safety net
The recent move easy CMS vulnerability can be said to have really caught fire. The CMS this article covers, although not as powerful as move easy, also has injection vulnerabilities. This vulnerability is not found by scanning with tools; it can be said that the injection has been made by explici...
Safe: Intended restriction bypass via object references
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the a...
CVE-2009-1160
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended...
Security Best Practice: Protect Yourself from MS-RPC and DCE-RPC Vulnerabilities
DCE/RPC stands for "Distributed Computing Environment / Remote Procedure Calls". It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having...
Double free
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0'...
tomcat XSS in example webapps
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...