CVE-2017-5663

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to...

CVE-2017-5663

CVE-2017-5663 affects Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating. An authenticated user with read permissions on client/loan/center/staff/group can inject malicious SQL into SELECT queries via the sqlSearch parameter across several endpoints where input is appended d...

Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection

Exploit Title: Freelance Website Script 2.0.6 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/ Version: 2.0.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...

Applicative Protocol Multiplexer: SSLH

sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client. Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be...

Ruby on Rails: ActionController::Parameters .each returns an unsafe hash

Rails 5.1.4 The goal of ActionController::Parameters's permit method strong parameters is to prevent accidental trust in the parameters sent by the client. We can therefore not simply create a hash of all the parameters in the params without permitting them first. When we really want to do this...

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

Ubuntu: Security Advisory (USN-3479-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: Divide-by-zero in __tcp_select_window

A divide-by-zero vulnerability was found in the tcpselectwindow function in the Linux kernel. This can result in a kernel panic causing a local denial of service...

USN-3479-1: PostgreSQL vulnerabilities

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2017-15098 Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing...

Vulnerability in core server (CVE-2017-15099)

INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges...

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

Perch Content Management System Arbitrary File Upload Vulnerability

Perch Content Management System is a content management system for small websites. An arbitrary file upload vulnerability exists in Perch Content Management System version 3.0.3. The vulnerability can be exploited to upload arbitrary files to the web server system via the Asset Title and Select...

JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection

Type user access: single user. $POST‘tableId’ is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line : 183 $getTableId = $POST'tableId'; ... $retrievedata = $wpdb-getresults "SELECT FROM $jtrttablesname WHERE jttableIDD = "...

Equifax Reopens Salary Lookup Service

Equifax has re-opened a Web site that lets anyone look up the salary history of a large portion of the American workforce using little more than a person's Social Security number and their date of birth. The big-three credit bureau took the site down just hours after I wrote about it on Oct. 8, a...

CVE-2017-15948

Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...

Memory corruption vulnerability in Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro

Overview Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro contain a memory corruption vulnerability. Impact If a user opens a specially crafted Rakuraku Hagaki file or Rakuraku Hagaki Select for Ichitaro file, arbitrary code may be executed with the privilege of running the application...

GHSA-2XJJ-5X6H-8VMF Cross-site Scripting in actionpack

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

Cross-site Scripting in actionpack

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

kernel: Divide-by-zero in __tcp_select_window

A divide-by-zero vulnerability was found in the tcpselectwindow function in the Linux kernel. This can result in a kernel panic causing a local denial of service...

kernel: Divide-by-zero in __tcp_select_window

A divide-by-zero vulnerability was found in the tcpselectwindow function in the Linux kernel. This can result in a kernel panic causing a local denial of service...