2292 matches found
MariaDB 10.1.x < 10.1.11 sql/sql_yacc.yy SELECT Statement Keyword Handling DoS
The version of MariaDB running on the remote host is 10.1.x prior to 10.1.11. It is, therefore, affected by a denial of service vulnerability due to a flaw in sql_yacc.yy that is triggered when handling keywords in SELECT statements. An authenticated, remote attacker can exploit this to crash the...
Raptor Web Application Firewall
Raptor Web Application Firewall is a simple web application firewall written in C, following the KISS principle. It polls with the select function, which is not better than epoll or BSD's kqueue but is portable. The core of the match engine uses a DFA to detect XSS, SQLi and path...
Cisco EPC3928 Denial of Service Vulnerability
Cisco EPC3928 is a wireless router product from Cisco USA. A security vulnerability exists in goform/Docsissystem on the Cisco EPC3928. A remote attacker can exploit this vulnerability to cause a denial of service (device crash) with the help of a long 'LanguageSelect' parameter...
PT-2016-4718 · Cisco · Cisco Epc3928
Name of the Vulnerable Software and Affected Versions: Cisco EPC3928 devices (affected versions not specified). Description: The issue allows remote attackers to cause a denial of service, resulting in a device crash. This is achieved by exploiting the goform/Docsis system endpoint with a long...
WordPress Ultimate Membership Pro 3.3 Plugin - SQL Injection
Exploit for php platform in category web applications. Vendor Homepage: http://wpindeed.com/; Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253; Version: 3.3; Tested on: Debian 8, PHP 5.6.17-3; Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass...
DEBIAN-CVE-2016-2822
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...
Code injection
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...
CVE-2016-2822
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...
CVE-2016-2493
The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 2013, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522...
USN-2993-1 firefox vulnerabilities
Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked into...
Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...
UBUNTU-CVE-2016-2822
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...
Addressbar spoofing though the SELECT element — Mozilla
Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL,...
IBM DB2 LUW Denial of Service Vulnerability (CNVD-2016-02177)
IBM DB2 LUW is a relational database management system from IBM (USA) that runs on the LUW (Linux, UNIX and Windows) platforms. A security vulnerability exists in IBM DB2 LUW. A remote attacker can exploit this vulnerability to cause a denial of service (service interruption) with the help of a...
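akcms 4.0.9 akcms_keyword.php SQL Injection Vulnerability
AKCMS is the best-known lightweight CMS site builder in China. It stands out among mainstream PHP site-building systems and is popular with many webmasters for its flexibility, small size, good compatibility and high load capacity. However, in akcms 4.0.9 the file akcms_keyword.php contains a SQL injection vulnerability. akcms_keyword.php: systemroot corresponds to the admin directory, and you can see that it includes /fore/keyword.php. Let's follow that file: admin/fore/keyword.php getby'', 'keywords', "sid='$sid' AND keyword='".addslashes$keyword."'";...
Zhengfang Academic Affairs System ResultXml_common.aspx SQL Injection Vulnerability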
Payload: /ResultXmlcommon.aspx?k=%&column='username='||xh||''||'passwd='||mm||''&table=xsjbxxb+where+rownum"; xml = xml + "" + dr0.ToString + ""; dr.Close; comm.Dispose; conn.Close; xml = x...
SUSE: Security Advisory for kernel (SUSE-SU-2015:0529-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
openSUSE Security Update : MozillaFirefox (openSUSE-2015-565)
MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs. Changes in MozillaFirefox : - update to Firefox 40.0.3 bnc943550 - Disable the asynchronous plugin initialization bmo1198590 - Fix a segmentation fault in the GStreamer support bmo1145230 - Fix a regression...
[SECURITY] Fedora 21 Update: drupal6-views_bulk_operations-1.17-1.fc21
This module augments Views by allowing bulk operations to be executed on the displayed rows. It does so by showing a checkbox in front of each node, and adding a select box containing operations that can be applied. Drupal Core or Rules actions can be used. This package provides the following...
Android Dolphin Browser remote code execution-vulnerability warning-the black bar safety net
An attacker who is able to control the network communication data of a user of the Dolphin Browser for Android can modify the function that downloads and applies new browser themes. By using this function, an attacker can write arbitrary files; these files will be in the user device browser...