CVE-2018-1247

RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity XXE vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application...

Mail.ru: api.icq.com / возможность отредактировать текст любого пользователя или группы переслав его.

Нашёл лютую дырку дело в том что при пересылке сообщения пользователя группы текст стоит в параметре конечно же я пробовал его отредактировать и послать пакет но никак не выходило и тут я использовал один старый метод, обычно же идёт GET запрос его мы и меняем, но после идёт POST запрос который...

jbpmmigration: XXE vulnerability in XmlUtils

It was discovered that the XmlUtils class in jbpmmigration performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXtern...

IBM OpenPages GRC Platform Information Disclosure Vulnerability (CNVD-2017-34430)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

Pidgin MXIT Extended Profiles Code Execution Vulnerability(CVE-2016-2371)

DESCRIPTION An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. CVSSv3 SCORE 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H TESTED VERSIONS Pidgin...

The software of the remote monitoring system Advantech WebAccess is vulnerable due to insufficient protection of the SQL query structure during authentication. This vulnerability allows attackers to execute arbitrary SQL commands and modify web server settings, user accounts, and projects.

The vulnerability of Advantech WebAccess remote monitoring software exists due to insufficient protection of the SQL query structure during authentication injection of SQL code. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands and modify web server settings...

postgresql: pg_user_mappings view discloses foreign server passwords

It was found that the pgusermappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password use...

Guilin DaCong Network Technology website builder system aid parameter SQL injection vulnerability

Guilin DaCong Network Technology website building system is a website building system with Guilin website construction and Guilin website promotion as the core business. SQL injection vulnerability exists in the parameters of Guilin DaCong Network Technology website building system aid, which can...

Microsoft Windows SMB Server Information Disclosure Vulnerability (CNVD-2017-07377)

Microsoft Windows is the popular computer operating system. An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 SMBv1 server processing of certain requests. An attacker can exploit this vulnerability to obtain sensitive server information via a constructed...

DEBIAN-CVE-2016-2370

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability...

SQL Injection Vulnerability in Zzcms admin/logincheck.php Page

ZZCMS is an enterprise website builder. A SQL injection vulnerability exists in the zzcms admin/logincheck.php page. Due to the failure to filter variables coming from $SERVER, an attacker can exploit the vulnerability to obtain sensitive database data...

mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML...

mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML...

CVE-2016-5133

Removed by vendor...

PT-2016-5139 · Pidgin +3 · Pidgin +3

Name of the Vulnerable Software and Affected Versions: Pidgin affected versions not specified Description: A denial of service issue exists in the handling of the MXIT protocol. Specially crafted MXIT data sent from the server could result in an out-of-bounds read. A malicious server or...

UBUNTU-CVE-2016-2366

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...

UBUNTU-CVE-2016-2365

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger th...

Arbitrary File Download Vulnerability in New Harvest Technology Creative Portal Information Management System

Creative Portal Management System is a creative information publishing platform applied in the construction of New Harvest Technology. An arbitrary file download vulnerability exists in the New Harvest Technology Creative Portal Information Management System, which allows an attacker to exploit t...

Information disclosure

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."...

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...