6734 matches found
AXIS Network Camera Cross Site Scripting Vulnerability
Exploit for hardware platform in category web applications I. ADVISORY INFORMATION ----------------------- Title: Axis Network Cameras Multiple Cross-site scripting Vendor: Axis Communications Class: Improper Input Validation CWE-20 CVE Name: CVE-2015-8256 Remotely Exploitable: Yes Locally...
AXIS Network Camera Cross Site Scripting
I. ADVISORY INFORMATION ----------------------- Title: Axis Network Cameras Multiple Cross-site scripting Vendor: Axis Communications Class: Improper Input Validation CWE-20 CVE Name: CVE-2015-8256 Remotely Exploitable: Yes Locally Exploitable: No OLSA-ID: OLSA-2015-8256 vulnerability -----------...
AXIS Communications XSS / Content Inclusion
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
AXIS Communications - Cross-Site Scripting Content Injection
AXIS Communications - Cross-Site Scripting Content Injection 0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs -...
AXIS Communications - Cross-Site Scripting / Content Injection
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
DEBIAN-CVE-2017-0318
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system...
Foxit Reader < 8.2 Multiple Vulnerabilities
Binary data 9898.prm...
CVE-2016-8437
Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR1009695...
CVE-2016-8440
Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR1036747...
CVE-2016-8437
Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR1009695...
CVE-2016-8437
CVE-2016-8437 describes an improper input validation in Android’s Access Control APIs, with the kernel 3.18 memory range check potentially mishandled. Affected product: Android (Kernel 3.18). Official description notes a memory-range check issue but does not provide exploit paths or a concrete fi...
Cisco Expressway 8.8.1 Internal Scanning
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2016-115 Product: Expressway Manufacturer: Cisco Affected Versions: below X8.9 Tested Versions: X8.8.1 Vulnerability Type: Improper Input Validation CWE-20 Risk Level: Medium Solution Status: Fixed Manufacturer Notification:...
NVIDIA Windows GPU Display Driver Local Elevation of Privilege Vulnerability (CNVD-2016-10567)
NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers for Windows from NVIDIA. A local elevation of privilege vulnerability exists in NVIDIA Windows GPU Display Driver, which arises from the program failing to properly validate values. A local attacker could...
Adobe Reader Memory Corruption (APSB16-33: CVE-2016-6943)
A memory corruption vulnerability has been reported in Adobe Reader. The vulnerability is due to improper input validation. A remote attacker could trigger this issue via a specially crafted PDF file...
Adobe Acrobat and Reader Heap Overflow (APSB16-33: CVE-2016-6939)
A heap overflow vulnerability exists in Adobe Reader. The vulnerability is due to improper input validation. A remote attacker could trigger this issue via a specially crafted PDF file...
Nuuo NVR Log Parameter Unauthenticated Remote Code Execution (CVE-2016-5674)
A remote code execution was discovered in Nuuo Network Video Recording systems with Network Attached Storage. The vulnerability is due to Improper Input Validation in log parameter. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...
Exponent CMS Arbitrary Code Execution Vulnerability
Exponent CMS employs an intuitive and flexible content editing system that allows website pages to be edited on-page as it is displayed. An arbitrary code execution vulnerability exists in Exponent CMS due to a failure to properly validate user input. An attacker could exploit the vulnerability t...
Moxa SoftCMS Vulnerabilities
OVERVIEW Zhou Yu working with Trend Micro’s Zero Day Initiative and Gu Ziqiang from Huawei Weiran Labs have identified vulnerabilities in Moxa’s SoftCMS Webserver Application. Moxa has produced an update to mitigate these vulnerabilities. Both researchers have tested the update to validate that i...
Security Advisory - Improper Input Validation Vulnerability in AnyMail
Huawei AnyMail has an improper input validation vulnerability when opening compressed email attachments. Successful exploit could cause AnyMail to crash and exit. Vulnerability ID: HWPSIRT-2016-06099 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2016-6826...
ask2 \control\message.php parameters messageid SQL injection
先来看看该套源码的整体防注入:GPC转义+360的防御正则 很粗暴有没有,不过这里利用的是数组全面绕过360的防御正则,然后找到一些没有单引号包含的点,从而绕过单引号转义,绕过这两个,自然可以无限制任意注入初始化过滤在D:\wamp\www\ask2V3.1.1\model\sowenda.class.php中initrequest函数,在大概第60行 $this-get = taddslashes$this-get, 1; $this-post = taddslashesarraymerge$GET, $POST; checkattack$this-post, 'post';...