15 matches found
CVE-2025-67081
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with an admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...
Adobe Flash MovieClip.localToGlobal - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=570 There is a use-after-free issue in MovieClip.localToGlobal. If the Number constructor is overwritten with a new constructor and MovieClip.localToGlobal is called with an integer parameter, the new constructor will get...
Adobe Flash TextField.setFormat - Use-After-Free
Exploit for Windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=586 The TextField setFormat method contains a use-after-free. If an integer parameter has valueOf defined, or the object parameter overrides a constructor, this method ca...
Adobe Flash TextField.replaceText - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=584 There is a use-after-free in the TextField.replaceText function. If the function is called with a string parameter with toString defined, or an integer parameter with valueOf defined, the parent object of the TextFiel...
Adobe Flash TextField.tabIndex Setter - Use-After-Free
Exploit for Windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=574 There is a use-after-free in the TextField.tabIndex setter. If the integer parameter is an object with valueOf defined, then it can free the TextField's parent, leadi...
Adobe Flash TextField.tabIndex Setter - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=574 There is a use-after-free in the TextField.tabIndex setter. If the integer parameter is an object with valueOf defined, then it can free the TextField's parent,...
Adobe Flash MovieClip.localToGlobal - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=570 There is a use-after-free issue in MovieClip.localToGlobal. If the Number constructor is overwritten with a new constructor and MovieClip.localToGlobal is called wi...
Adobe Flash TextField.setFormat - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=586 The TextField setFormat method contains a use-after-free. If an integer parameter has valueOf defined, or the object parameter overrides a constructor, this method can free the TextField parent, which is subsequently...
Adobe Flash TextField.tabIndex Setter - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=574 There is a use-after-free in the TextField.tabIndex setter. If the integer parameter is an object with valueOf defined, then it can free the TextField's parent, leading to a use-after-free. A minimal PoC follows: var...
WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection
Exploit Title: WordPress SP Project & Document Manager 2.5.3 Blind SQL Injection Google Dork: inurl:wp-content/plugins/sp-client-document-manager Date: 2015-03-04 Exploit Author: catsecurity Vendor Homepage: http://smartypantsplugins.com Software Link:...
Authentication flaw
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter...
Two Remote Code Execution Vulnerabilities in Internet Explorer
Vulnerability 1: Internet Explorer Select Element Remote Code Execution Original advisory: http://ifsec.blogspot.com/2011/10/internet-explorer-select-element-remote.html I. OVERVIEW There is a vulnerability in Internet Explorer which enables execution of arbitrary code if the user visits a web pa...
Design/Logic Flaw
JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sensitive information (full path) via an invalid integer in the version parameter to the default URI under attach/Main/...
PHP 5.2.3 - glob() Denial of Service
PHP 5.2.3 - glob Denial of Service milw0rm.com 2007-07-14...
CVE-2005-1885
view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message...