1470 matches found
Updated mysql-connector-java package fixes security vulnerability
Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL...
Shopify: SSRF via 'Insert Image' feature of Products/Collections/Frontpage
Hi Security team, I would like to report an another SSRF issue like my previous bug 67377 https://hackerone.com/reports/67377. The description, threats, risks, exploatations are the same. The base request is the following POST /admin/settings/files.json HTTP/1.1 Host: test-4925.myshopify.com...
php: NULL pointer dereference in pgsql extension
A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pginsert or pgselect could cause a PHP application to crash...
CVE-2015-0986
Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey 1 set or 2 get command...
Design/Logic Flaw
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
Simple Invoice 2011.1 Cross Site Request Forgery
Affected software: simple invoice Type of vulnerability:adding admin user via csrf URL:simpleinvoices.org Discovered by: provensec Website: provensec.com version:2011.1 Proof of concept...
Agilent Technologies Feature Extraction AnnotationX.AnnList.1 ActiveX Control Arbitrary Code Execution Vulnerability
Agilent Technologies Feature Extraction is a set of feature extraction software for automatically reading and processing image files from multiple original chips from Agilent Technologies. A security vulnerability exists in Agilent Technologies Feature Extraction's AnnotationX.AnnList.1 ActiveX...
CVE-2015-2092
The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."...
嘉缘人才系统sql注入#3
简要描述: 求20rank 详细说明: 首先看到frcms\member\requireslist.php if$do=="savedata" if$POST'id'=="" $POST'sid'=intval$Memberid; $POST'member'=getcookie'userlogin'; $POST'school'=getcookie'username'; ifempty$POST'title' showmsg'标题不能为空!','-1';exit; $POST'adddate'=date'Y-m-d H:i:s';...
(0Day) Agilent Technologies Feature Extraction ActiveX Control Index Out-Of-Bounds Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Agilent Technologies Feature Extraction. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the INSERT page in Cisco Prime Infrastructure PI allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868...
CVE-2014-2152
Cisco Prime Infrastructure (PI) contains a Cross-Site Request Forgery (CSRF) vulnerability on the INSERT page that could allow an unauthenticated/remote attacker to hijack the authentication of an authenticated PI user and perform actions on behalf of that user. Root cause is insufficient CSRF pr...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter in a search request, 2 username in a login request, which is not properly handled when logging the event, or 3 page titl...
CVE-2015-1373
Multiple cross-site scripting XSS vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter in a search request, 2 username in a login request, which is not properly handled when logging the event, or 3 page titl...
PHPAPP注入第九枚(insert无视过滤)
简要描述: PHPAPP注入第九枚(insert无视过滤) 详细说明: 在wooyun上看到了有人提了PHPAPP的漏洞: http://wooyun.org/bugs/wooyun-2010-055604,然后去官网看了看,前几天刚有更新,就在官网下了PHPAPP最新的v2.6来看看2014-12-11更新的。 PSOT注入点:wwww.xxx.com/member.php?action=1&app=43&cid=2&rid=-1, 存在漏洞的文件在/phpapp/apps/refund/memberphpapp.php...
74cms最新版 二次注入
简要描述: 详细说明: 74cms 20141128最新版 漏洞文件:/wap/plus/wapajax.php 610-654行: elseif $act == 'invitedadd' $smarty-cache = false; $resume=resumeone$POST"resumeid"; $jobs=jobsone$POST"jobsid"; if$SESSION'utype'!=1 exit"企业会员请登录后邀请面试"; if checkinterview$POST"resumeid",$POST"jobsid",$SESSION'uid' exit"repeat";...
Supesite 前台注入 #2 (Insert)
简要描述: Insert 无视GPC 装supesite会有ucenter 如果在一个裤的话 可以尝试把uckey注入出来 然后…… 详细说明: 来看看全局文件 if!getmagicquotesgpc $GET = saddslashes$GET; $POST = saddslashes$POST; $COOKIE = saddslashes$COOKIE; 判断gpc 是否开启 如果没有开启 就对get post cookie 转义 这里没有对files转义。 在batch.upload.php中 elseif !empty$POST //如果POST不为空 //编辑标题...
mongodb: memory over-read via incorrect BSON object length
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service crash or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read...
DEBIAN-CVE-2014-3507
Memory leak in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via zero-length DTLS fragments that trigger improper handling of the return value of a certain...
Memory corruption
Memory leak in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via zero-length DTLS fragments that trigger improper handling of the return value of a certain...