
1447 matches found

0day.today
added 2020/07/01 12:0 a.m. | 130 views

Online Shopping Portal 3.1 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to...

AI score: 0.1
Exploits: 0
Exploit DB
added 2020/05/27 12:0 a.m. | 548 views

Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting

Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-26 Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...

AI score: 7
Exploits: 0
RedHat Linux
added 2020/04/28 3:49 p.m. | 53 views

Moderate: Red Hat Security Advisory: sqlite security and bug fix update

An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.31274
Exploits: 0 | References: 9
RedHat Linux
added 2020/04/28 3:49 p.m. | 1 view

sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.0052
Exploits: 0 | References: 4
Tenable Nessus
added 2020/04/28 12:0 a.m. | 51 views

RHEL 8 : sqlite (RHSA-2020:1810)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a singl...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.31274
Exploits: 0 | References: 18
Snyk
added 2020/04/17 12:0 a.m. | 2 views

Malicious Package

Overview batch-insert is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using batch-insert...

CVSS: 8 | AI score: 5.5
Exploits: 0 | References: 2
Prion
added 2020/04/15 2:15 p.m. | 24 views

Design/Logic Flaw

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical...

CVSS: 5.8 | AI score: 8.1 | EPSS: 0.01495
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2020/04/15 2:15 p.m. | 17 views

Design/Logic Flaw

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Calendar. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced...

CVSS: 5.8 | AI score: 8.2 | EPSS: 0.08574
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2020/04/15 1:29 p.m. | 7 views

CVE-2020-2842

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite component: Estimate and Actual Charges. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot...

CVSS: 8.2 | AI score: 7.3 | EPSS: 0.01495
Exploits: 0 | References: 1
Cvelist
added 2020/04/15 1:29 p.m. | 17 views

CVE-2020-2785

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

CVSS: 7.3 | AI score: 6.8 | EPSS: 0.00926
Exploits: 0 | References: 1
Veracode
added 2020/04/10 12:29 a.m. | 22 views

Privilege Escalation

dovecot is vulnerable to privilege escalation. A flaw was found in the Dovecot ACL plug-in. User with only insert permissions for a mailbox could use the "COPY" and "APPEND" commands to set additional message flags...

CVSS: 6 | AI score: 3.4 | EPSS: 0.01763
Exploits: 0 | References: 11 | Affected Software: 1
CNVD
added 2020/04/03 12:0 a.m. | 2 views

MicroStrategy Web Cross-Site Scripting Vulnerability (CNVD-2020-23180)

Microstrategy Web is an enterprise data analysis platform from the U.S. company Microstrategy. The platform features data discovery, data visualization and report generation. A cross-site scripting vulnerability exists in the HTML Container and Insert Text features in Microstrategy Web version 10.4. The...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00504
Exploits: 3
NVD
added 2020/04/02 3:15 p.m. | 13 views

CVE-2020-11454

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00504
Exploits: 3 | References: 4
OSV
added 2020/04/02 3:15 p.m. | 1 view

CVE-2020-11454

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00504
Exploits: 3 | References: 4
OSV
added 2020/04/02 3:15 p.m. | 24 views

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

CVSS: 8.8 | AI score: 4.8
Exploits: 0 | References: 14
Prion
added 2020/04/02 3:15 p.m. | 14 views

Cross site scripting

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

CVSS: 3.5 | AI score: 5.2 | EPSS: 0.00504
Exploits: 3 | References: 4 | Affected Software: 1
Cvelist
added 2020/04/02 2:58 p.m. | 23 views

CVE-2020-11454

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

AI score: 5.3 | EPSS: 0.00504
Exploits: 3 | References: 4
Tenable Nessus
added 2020/04/02 12:0 a.m. | 39 views

EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)

According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.08951
Exploits: 1 | References: 11
RedHat Linux
added 2020/03/31 8:15 p.m. | 3 views

ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00307
Exploits: 0 | References: 4
RedhatCVE
added 2020/03/24 1:51 a.m. | 37 views

CVE-2018-10925

It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limit...

CVSS: 8.1 | AI score: 3.2 | EPSS: 0.00383
Exploits: 0 | References: 2