1447 matches found
SQL Injection Vulnerability in Zabbix
Zabbix is an open source enterprise performance monitoring solution. A SQL injection vulnerability exists in the insert method of the profileIdx2 parameter in Zabbix's jsrpc. An attacker can log in to the Zabbix management system without authorization, and can also directly obtain operational...
Oracle Communications Applications Unspecified Vulnerability in Oracle Communications EAGLE Application Processor Component
Oracle Communications is a suite of communications applications for rapidly delivering and monetizing digital lifestyle services from Oracle Corporation. The Oracle Communications EAGLE Application Processor is one of the platform components that provides Signaling Transmission Points (STPs),...
DSA-3621-1 mysql-connector-java - security update
Bulletin has no description...
Unspecified Vulnerability in Oracle Financial Services Software Oracle FLEXCUBE Direct Banking Component (CNVD-2016-02479)
Oracle Financial Services Software is a set of Oracle's core banking, online banking and property management financial services software, of which Oracle FLEXCUBE Direct Banking is a set of Internet and mobile banking solution components. An unspecified vulnerability exists in the Pre-Login...
Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2016-02558)
Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle. PeopleSoft Enterprise HCM Candidate Gateway is a self-service front-end to the Oracle PeopleSoft Enterprise Recruiting solution component. An unspecified vulnerability in the PIA Search Functionality...
WordPress Tidio Gallery Plugin <= 1.1 - Cross Site Scripting (XSS)
This vulnerability is in the PHP code /tidio-gallery/popup-insert-help.php. Solution: Update the plugin...
Scientific Linux Security Update : mariadb on SL7.x x86_64 (20160404)
Security Fixes : - It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a...
UEFI firmware image viewer and editor: UEFITool
It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool's structure mode with some additional features, but the program's engine was prove...
WordPress NEX-Forms Lite Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on a server running PHP and MySQL. NEX-Forms Lite is one of its plugins, used to create user-defined forms. A cross-site scripting vulnerability exists in...
Drupal Token Insert Entity Module Information Disclosure Vulnerability
Drupal is a free and open source content management system developed in PHP. Token Insert Entity is one of the modules that provides the ability to embed tokens for opened entities or nodes. Drupal Token Insert Entity fails to properly check permissions, which can be exploited by remote attackers...
CVE-2015-8602
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered...
Code injection
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered...
CVE-2015-8602
The CVE-2015-8602 issue affects the Drupal Token Insert Entity module (7.x-1.x) prior to 7.x-1.1. The vulnerability arises from improper permission checks that let remote authenticated users with certain permissions bypass access restrictions and insert a token that embeds a rendered entity into...
CVE-2015-8084
CVE-2015-8084 affects Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software prior to V300R001C10SPC600. When DHCP Snooping is enabled and option82 insert or option82 rebuild is active on an interface, devices fail to parse certain DHCP packets, enabling remote atta...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-06769)
Google Chrome is an open source web browser. The 'ContainerNode::parserInsertBefore' function in the core/dom/ContainerNode.cpp file in Blink, used by Google Chrome, has a security vulnerability that can be exploited by a remote attacker to bypass the same-origin policy, as the program still performs...
UBUNTU-CVE-2015-3863
Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399...
Updated mysql-connector-java package fixes security vulnerability
Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL...
Shopify: SSRF via 'Insert Image' feature of Products/Collections/Frontpage
Hi Security team, I would like to report another SSRF issue like my previous bug 67377 https://hackerone.com/reports/67377. The description, threats, risks, exploitations are the same. The base request is the following: POST /admin/settings/files.json HTTP/1.1 Host: test-4925.myshopify.com...
php: NULL pointer dereference in pgsql extension
A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert or pg_select could cause a PHP application to crash...