2271 matches found
CVE-2019-4234
CVE-2019-4234 affects IBM PureApplication System versions 2.2.3.0–2.2.5.3. The issue is a weakness in the locking feature implementation in the pattern editor, allowing an attacker who intercepts subsequent requests to bypass business logic and modify a pattern to an unlocked state. The NVD entry...
CVE-2019-4234
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416...
PT-2019-16982 · IBM · IBM PureApplication System
Name of the Vulnerable Software and Affected Versions: IBM PureApplication System versions 2.2.3.0 through 2.2.5.3 Description: The issue is related to a weakness in the implementation of the locking feature in the pattern editor. An attacker can intercept subsequent requests to bypass business...
WampServer >= 3.1.3, <= 3.1.8 CSRF Vulnerability
WampServer is prone to a cross-site request forgery (CSRF) vulnerability. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the...
CVE-2019-11517
WampServer before 3.1.9 has CSRF in addvhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner...
IBM PureApplication System pattern editor access control error vulnerability
IBM PureApplication System is a platform system from IBM (USA) designed for transactional Web and database applications. The system is capable of handling workloads, and all configurations can be maintained and updated from a single console. The pattern editor is one of its graphical editors. An access...
FortiCASB data pattern name XSS vulnerability
Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct a stored XSS attack via the name parameter...
PasteShr 1.6 - Multiple SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: PasteShr - SQL İnj. Dork: N/A Date: 14-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
[SECURITY] Fedora 30 Update: rubygem-activerecord-5.2.3-1.fc30
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks
A bug hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically...
RUSTSEC-2019-0002 Bug in SliceDeque::move_head_unchecked corrupts its memory
Affected versions of this crate entered a corrupted state if mem::size_of::<T>() % allocation_granularity() != 0 and a specific allocation pattern was used: sufficiently shifting the deque elements over the mirrored page boundary. This allows an attacker that controls both element insertion and...
Bug in SliceDeque::move_head_unchecked corrupts its memory
Affected versions of this crate entered a corrupted state if mem::size_of::<T>() % allocation_granularity() != 0 and a specific allocation pattern was used: sufficiently shifting the deque elements over the mirrored page boundary. This allows an attacker that controls both element insertion and...
Wall Street Market reported to have exit scammed
Around April 20, many users reported that Wall Street Market, a broadly known dark net market, had executed an exit scam, and that any pending orders were unlikely to be completed. Scamming with enterprises involving Bitcoin is not unheard of, and dark net markets with centralized escrow are...
[SECURITY] Fedora 30 Update: python-yara-3.9.0-2.fc30
Python binding for the YARA pattern matching tool. YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each...
Clinic Pro 4 SQL Injection
Title: Clinic Pro - Clinic Management Software Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: It is developed by PHP Codeigniter...
Clinic Pro v4 - 'month' SQL Injection
Title: Clinic Pro - Clinic Management Software Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: It is developed by PHP Codeigniter...
Clinic Pro v4 - month SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Clinic Pro - Clinic Management Software Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: ...
Job Portal 3.1 SQL Injection
=========================================================================================== Exploit Title: NewJobPortal v3.1 - 'jobsubmit' SQL Inj. Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/item/job-portal/15330095 Version: v3.1 Category:...
Job Portal 3.1 - job_submit SQL Injection
Job Portal 3.1 - jobsubmit SQL Injection =========================================================================================== Exploit Title: NewJobPortal v3.1 - 'jobsubmit' SQL Inj. Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...