
376 matches found

exploitpack
added 2015/02/13 12:0 a.m. | 9 views

WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection

WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection . Exploit Title: WordPress: Webdorado Spider Event Calendar = 1.4.9 SQL Injection Date: 2015-02-12 Exploit Author: Mateusz Lach Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com Software Link:...

0.3 AI score
Exploits: 0

Tenable Nessus
added 2014/11/26 12:0 a.m. | 29 views

Amazon Linux AMI : php54 (ALAS-2014-450)

An out-of-bounds read flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. C Tenable Network Security, Inc. The descripti...

5 CVSS | 7.9 AI score | 0.08075 EPSS
Exploits: 0 | References: 2

Amazon
added 2014/11/22 12:0 a.m. | 48 views

Medium: file

Issue Overview: An out-of-bounds read flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. Affected Packages: file Issue...

5 CVSS | 8.6 AI score | 0.08075 EPSS
Exploits: 0

Tenable Nessus
added 2014/11/21 12:0 a.m. | 20 views

LiveZilla < 5.3.0.8 XSS

The version of LiveZilla hosted on the remote web server is affected by an XSS vulnerability in the Mobile Client. This flaw is caused by improper validation of user-supplied input. This vulnerability allows an attacker to execute arbitrary code in the context of the victim's browser. %NASLMINLEV...

6.1 AI score
Exploits: 0 | References: 1

OSV
added 2014/11/05 11:55 a.m. | 4 views

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file...

6.3 AI score
Exploits: 0 | References: 38

Tenable Nessus
added 2014/11/03 12:0 a.m. | 39 views

Amazon Linux AMI : php55 (ALAS-2014-435)

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. CVE-2014-3668 An integer overflow flaw was found in the way custom objects were unserialized...

7.5 CVSS | 8.4 AI score | 0.55955 EPSS
Exploits: 3 | References: 4

RedHat Linux
added 2014/10/30 7:45 p.m. | 1 views

file: cdf_check_stream_offset insufficient boundary check

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

4.3 CVSS | 7.2 AI score | 0.05923 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2014/10/30 7:45 p.m. | 0 views

file: unrestricted regular expression matching

Multiple flaws were found in the File Information fileinfo extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU...

5 CVSS | 7.2 AI score | 0.33041 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2014/10/30 7:45 p.m. | 1 views

file: cdf_unpack_summary_info() excessive looping DoS

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

5 CVSS | 7.2 AI score | 0.2611 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2014/10/30 7:44 p.m. | 1 views

php: heap corruption issue in exif_thumbnail()

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exifthumbnail function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application...

6.8 CVSS | 7.8 AI score | 0.35086 EPSS
Exploits: 1 | References: 4

Amazon
added 2014/10/28 12:0 a.m. | 62 views

Important: php55

Issue Overview: An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. CVE-2014-3668 An integer overflow flaw was found in the way custom objects wer...

7.5 CVSS | 10 AI score | 0.55955 EPSS
Exploits: 3

RedHat Linux
added 2014/10/13 9:39 p.m. | 2 views

file: out of bounds read in CDF parser

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

6.5 CVSS | 7.3 AI score | 0.006 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2014/10/12 12:0 a.m. | 43 views

Amazon Linux AMI : file (ALAS-2014-382)

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in...

6.5 CVSS | 7.7 AI score | 0.37602 EPSS
Exploits: 3 | References: 9

RedHat Linux
added 2014/09/30 9:9 a.m. | 1 views

file: incomplete fix for CVE-2012-1571 in cdf_read_property_info

It was found that the fix for CVE-2012-1571 was incomplete; the File Information fileinfo extension did not correctly parse certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

6.5 CVSS | 7.2 AI score | 0.30214 EPSS
Exploits: 2 | References: 4

RedHat Linux
added 2014/08/06 6:5 a.m. | 1 views

file: extensive backtracking in awk rule regular expression

A denial of service flaw was found in the File Information fileinfo extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU...

5 CVSS | 7.2 AI score | 0.01128 EPSS
Exploits: 1 | References: 4

Amazon
added 2014/07/23 12:0 a.m. | 66 views

Medium: file

Issue Overview: A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconve...

6.5 CVSS | 8.6 AI score | 0.37602 EPSS
Exploits: 3

myhack58
added 2014/07/05 12:0 a.m. | 22 views

Discuz <= 7.2 SQL injection vulnerability details-vulnerability warning-the black bar safety net

Is said to be a digital company of the emergency response to the release out. The group inside the small partners are shocked, the specific vulnerability analysis see this article Wherein the In the senior PHP application vulnerability auditing techniques of1an article in the"magic quotes brought...

8.5 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 26 views

Prototype of an PHP application 0.1 ident/loginliste.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Prototype of an PHP application 0.1 ident/ident.inc.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Prototype of an PHP application 0.1 menu/menuprincipal.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

7.1 AI score
Exploits: 0