1492 matches found
Joomla! 3.4.x < 3.8.0 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists related to SQL query handling that allows disclosure of article introduction text when such articles are in the archived state. Note that only versions 3.7.0...
Joomla! 1.7.x < 3.8.0 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists related to SQL query handling that allows disclosure of article introduction text when such articles are in the archived state. Note that only versions 3.7.0...
Joomla! 3.2.x < 3.8.0 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists related to SQL query handling that allows disclosure of article introduction text when such articles are in the archived state. Note that only versions 3.7.0...
Joomla! 1.6.x < 3.8.0 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists related to SQL query handling that allows disclosure of article introduction text when such articles are in the archived state. Note that only versions 3.7.0...
Joomla! 3.5.x < 3.8.0 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists related to SQL query handling that allows disclosure of article introduction text when such articles are in the archived state. Note that only versions 3.7.0...
ATT&CK +osquery = Love
I had the ability to live-stream MITRE's ATT&CKcon, a two-day event where organizations came together as a community to share their best practices with leveraging the ATT&CK framework. At this conference, Scott Lundgren, Chief Architect at Carbon Black, presented “ATT&CK + osquery = Love,” where ...
SQL Injection
top-think/think is vulnerable to a SQL Injection attack. A malicious user can pass a request to the inner delete function to control the WHERE clause of the SQL query...
SQL Injection
phpMyFAQ/phpMyFAQ is vulnerable to SQL Injections. The library does not properly escape parameters in the SQL query executed by the restore function, allowing malicious users to inject and execute arbitrary SQL queries...
SQL injection
SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...
CVE-2018-12942
SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...
CVE-2018-12942
SeedDMS (formerly LetoDMS/MyDMS) contains a SQL injection vulnerability in the Users management feature affecting versions before 5.1.8. The flaw allows authenticated attackers to manipulate SQL queries on the application server, enabling extraction, modification, or deletion of data in the back...
SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)
More info at https://www.silverstripe.org/download/security-releases/ss-2018-016/...
Design/Logic Flaw
The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...
phpMyAdmin 4.8.1 Code Execution / Local File Inclusion
Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...
phpMyAdmin 4.8.1 Code Execution / Local File Inclusion Vulnerabilities
Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...
Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998)
Summary An improperly formatted SELECT command to an IBM Tivoli Storage Manager (IBM Spectrum Protect) Server can cause a buffer overflow that could allow an attacker to execute arbitrary code on the server. Vulnerability Details CVEID: CVE-2016-8998 DESCRIPTION: IBM Tivoli Storage Manager Server...
Security Bulletin: Multiple IBM InfoSphere Information Server components are affected by a vulnerability in the XML4C parser (CVE-2014-8901)
Summary Multiple components of IBM InfoSphere Information Server may be affected by a denial of service attack triggered by a specially crafted XML document being parsed by the XML4C parser. Vulnerability Details CVEID: CVE-2014-8901 DESCRIPTION: IBM XML4J and XML4C contains a denial of service...
Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection Cross-Site Scripting
Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection Cross-Site Scripting Exploit Title: Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 26.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage:...