293 matches found
Schneider Electric U.motion Builder loadtemplate remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder loadtemplate. The underlying SQLite database query is vulnerable to SQL injection through the tpl input parameter. A remote attacker could exploit this...
CVE-2016-2104
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the packagename, (3) searchsubscribedchannels, or (4) channelfilter parameter to software/packages/NameOverview.d...
CVE-2017-0318
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system...
SQL Injection Vulnerability in LMID Parameter of United Technologies Healthcare System
Lianzhong Technology Medical System is a medical and health system application software of Zhejiang Lianzhong Intelligence Technology Co. A SQL injection vulnerability exists in the LMID parameter of the Lianzhong Technology Medical System, as the program fails to properly filter the LMID...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c file of Qualcomm’s Android operating system is related to insufficient checking of input parameters. Exploiting this vulnerability can allow a malicious actor to enhance their privileges through a specially created application...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information
The vulnerability of the arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c file of Qualcomm’s Android operating system is related to insufficient checking of input parameters. Exploiting this vulnerability can allow a remote attacker to obtain confidential information through a specially created...
SQL injection vulnerability exists in the xzsp/gxxt/tjfx/list4xq.aspx page of the approval system of Handan Lianbang Software Development Co.
The Administrative Approval System AAS is a system that helps to improve the efficiency of administrative authorization and the level of government services. SQL injection vulnerability exists in the approval system of Handan Lianbang Software Development Co. The injection file:...
USN-2530-1: Linux kernel vulnerability
It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges...
USN-2528-1: Linux kernel vulnerability
It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges...
CSP MySQL User Manager 2.3 SQLi Vulnerability
CSP MySQL User Manager is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability
High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...
SuSE 11.1 Security Update : Java 1.6.0 (SAT Patch Number 5845)
java-160-openjdk was updated to the IcedTea 1.11.1 b24 release, fixing multiple security issues : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687,...
java-1.6.0-openjdk security update
1:1.6.0.0-1.43.1.10.6 - Updated to IcedTea6 1.10.6 - Resolves: rhbz787144 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception...
CMS Faethon 'info.php' SQL Injection Vulnerability
CMS Faethon is prone to an SQL injection (SQLi) vulnerability.
Joomla Xeslidegalf Component SQL Injection Vulnerability
This host is running Joomla Xeslidegalf component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomxeslidegalfsqlinjvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ Joomla Xeslidegalf Component SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright ...
Musicbox SQL Injection and Cross Site Scripting Vulnerabilities
Musicbox is prone to SQL injection and cross site scripting vulnerabilities.
Ampache <= 3.5.4 Reflected XSS Vulnerability - Active Check
Ampache is prone to a reflected cross-site scripting (XSS) vulnerability.
OpenJDK JAR "unpack200" must verify input parameters (6902299)
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
Cross-Site Scripting on Portwise SSL VPN v4.6
PR09-04: Cross-Site Scripting on Portwise SSL VPN v4.6 Vulnerability found: 25th March 2009 Vendor informed: 28th April 2009 Vulnerability fixed: Severity: Medium Description: The Portwise portal login page is vulnerable to XSS. Portwise is an SSL-VPN portal. Note: Other version might be affected a...
PHP Remote File Inclusion
Added: 01/28/2010. Background: PHP scripts support the include and require statements, which cause an outside script to be run within the calling script. The included script can be a local file or, in some configurations, the URL of a remote file. Problem: The PHP script is vulnerable to a remote fi...