Security Bulletin: IBM® DB2® contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910)
Summary IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SELECT statement with XML/XSLT function to read arbitrary text files owned by the DB2 instance owner. On Windows, the attacker is able to re...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with WebSphere Remote Server (CVE-2016-0215)
Summary IBM DB2 is shipped as a component of WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details For vulnerability details, see the security bulletin IBM DB2 LUW contains a denial of service...
CVE-2016-9076
An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox 50...
Schools Alert Management Script - SQL Injection
Exploit Title: Schools Alert Management Script - SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...
Twonky Server Cross-Site Scripting Vulnerability (CNVD-2018-11374)
LYNX Twonky Server is a media server from LYNX TECHNOLOGY, Inc. that supports the sharing of media content between connected devices. A cross-site scripting vulnerability exists in LYNX Twonky Server versions prior to 8.5.1. The vulnerability can be exploited by a remote attacker to execute code...
SQL injection
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...
Dolibarr 7.0.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...
Open-Xchange: [XSS] select/onchange in TinyMCE via set body
Hi. TinyMCE allows inserting . To set this content, a special link is needed: mailto:aaa?body=. Steps: 1. Go to compose mail 2. Insert URL: mailto:aaa?body=%3Cselect%20onchange%3D%22alertdocument.cookie%22%3E%3Coption%3E2%3C%2Foption%3E%3Coption%3E2%3C%2Foption%3E%3C%2Fselect%3E 3. Save Mail 4. Open this ma...
bui select component cross-site scripting vulnerability
bui is a front-end framework based on jQuery. The select component is one of its search components. A cross-site scripting vulnerability exists in the select component in bui 2018-03-13 and prior versions, which stems from the program performing an escape operation on already-escaped text. A remote attacker can...
CVE-2018-8108
The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text...
PHP Scripts Mall Select Your College Script SQL Injection Vulnerability
PHP Scripts Mall Select Your College Script is a PHP based categorized search script for higher education institutions by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Select Your College Script version 2.0.2. A remote attacker can exploit this vulnerability to...
SQL injection
SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter...
CVE-2018-6863
SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter...
CVE-2016-0215
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service daemon crash via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database...
Code injection
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service daemon crash via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database...
CVE-2018-5696
The iJoomla comadagency plugin 6.0.9 for Joomla! allows SQL injection via the advertiserstatus and statusselect parameters to index.php...
PT-2018-17093 · Joomla · Com Adagency
Name of the Vulnerable Software and Affected Versions: com adagency plugin version 6.0.9 for Joomla! Description: The issue allows SQL injection via the advertiser status and status select parameters to "index.php". This can potentially lead to unauthorized access to sensitive data...
[SECURITY] Fedora 27 Update: sensible-utils-0.0.11-1.fc27
This package provides a number of small utilities which are used by programs to sensibly select and spawn an appropriate browser, editor, or pager...
Design/Logic Flaw
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to...