Lucene search
+L

266 matches found

osv
osv
added 2018/04/04 12:29 a.m.4 views

CVE-2018-9247

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a ?php substring, and then using INTO OUTFILE wit...

9.8CVSS6.1AI score0.01577EPSS
Exploits1References1
prion
prion
added 2018/04/04 12:29 a.m.14 views

Code injection

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a ?php substring, and then using INTO OUTFILE wit...

7.5CVSS9.8AI score0.01577EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2018/04/04 12:0 a.m.20 views

CVE-2018-9247

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a ?php substring, and then using INTO OUTFILE wit...

9.9AI score0.01577EPSS
Exploits1References1
openbugbounty
openbugbounty
added 2017/11/22 12:26 a.m.12 views

getintorugby.worldrugby.org XSS vulnerability

Open Bug Bounty ID: OBB-428578 Description| Value ---|--- Affected Website:| getintorugby.worldrugby.org Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...

6.4AI score
Exploits0
cvelist
cvelist
added 2017/09/14 1:0 p.m.27 views

CVE-2017-1002003

Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com...

9.4AI score0.12435EPSS
Exploits4References4
slackware
slackware
added 2017/06/29 9:35 p.m.39 views

[slackware-security] libgcrypt

New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libgcrypt-1.7.8-i586-1slack14.2.txz: Upgraded. Mitigate a local flush+reload side-channel attack on RSA secret keys dubbed "Slidin...

6.8CVSS6.9AI score0.03885EPSS
Exploits0
freebsd
freebsd
added 2017/06/29 12:0 a.m.32 views

libgcrypt -- side-channel attack on RSA secret keys

GnuPG reports: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"...

6.8CVSS2.4AI score0.03885EPSS
Exploits0References1
osv
osv
added 2017/03/30 7:59 a.m.15 views

CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program...

7.2CVSS8.5AI score0.02299EPSS
Exploits1References2
nvd
nvd
added 2017/03/30 7:59 a.m.18 views

CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program...

7.2CVSS7.3AI score0.02299EPSS
Exploits1References2
prion
prion
added 2017/03/30 7:59 a.m.17 views

Sql injection

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program...

6.5CVSS7.3AI score0.02299EPSS
Exploits1References2Affected Software1
cnvd
cnvd
added 2016/11/14 12:0 a.m.3 views

Unauthorized access vulnerability in Haier wireless routers

Haier wireless routers are wireless smart routers. An unauthorized access vulnerability exists in the Haier Wireless Router. It allows an attacker to bypass privilege authentication and log into a system device...

7.1AI score
Exploits0
metasploit
metasploit
added 2016/09/28 6:55 p.m.37 views

MYSQL Directory Write Test

Enumerate writeable directories using the MySQL SELECT INTO DUMPFILE feature, for more information see the URL in the references. Note: For every writable directory found, a file with the specified FILENAME containing the text test will be written to the directory. This module requires Metasploit...

7AI score
Exploits0
bdu_fstec
bdu_fstec
added 2016/07/06 12:0 a.m.7 views

The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.

Google Chrome browser contains a vulnerability related to memory reuse after deallocation use-after-free error in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp of Blink. Exploiting this vulnerability allows malicious actors to cause system failures or other adverse...

7.5CVSS8AI score0.02272EPSS
Exploits1References3Affected Software1
hackapp
hackapp
added 2016/04/01 9:41 a.m.16 views

Into the Dead - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Into the Dead published at the 'play' market has multiple vulnerabilities...

Exploits0References1Affected Software1
osv
osv
added 2016/01/12 8:59 p.m.4 views

DEBIAN-CVE-2015-8396

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM aka GDCM before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow...

10CVSS8.4AI score0.16803EPSS
Exploits4References1
ptsecurity
ptsecurity
added 2016/01/12 12:0 a.m.4 views

PT-2016-3899 · Gdcm · Grassroot Dicom

Name of the Vulnerable Software and Affected Versions: Grassroots DICOM aka GDCM versions prior to 2.6.2 Description: The issue is related to an integer overflow in the ImageRegionReader::ReadIntoBuffer function, which can be triggered by crafted header dimensions in a DICOM image file. This can...

10CVSS8.3AI score0.16803EPSS
Exploits4References15
osv
osv
added 2015/09/22 12:0 a.m.3 views

UBUNTU-CVE-2015-4519

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element...

4.3CVSS7.4AI score0.02732EPSS
Exploits0References5
attackerkb
attackerkb
added 2015/09/15 6:59 p.m.5 views

CVE-2015-6947

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6946. Reason: This issue was MERGED into CVE-2015-6946 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2015-6946...

9.3CVSS5.8AI score0.19984EPSS
Exploits1References1
attackerkb
attackerkb
added 2015/08/04 2:59 p.m.5 views

CVE-2014-7234

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7233. Reason: This issue was MERGED into CVE-2014-7233 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-7233...

10CVSS7.3AI score0.01679EPSS
Exploits0References1
nessus
nessus
added 2015/05/20 12:0 a.m.28 views

SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...

7.2CVSS7.1AI score0.0057EPSS
Exploits0References5
Rows per page
Query Builder