
1492 matches found

NVD
added 2017/09/14 1:29 p.m. | 19 views

CVE-2017-1002027

Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rkuserlist.php...

CVSS 9.8 | AI score 9.6 | EPSS 0.02579
Exploits: 1 | References: 3

NVD
added 2017/09/14 1:29 p.m. | 19 views

CVE-2017-1002005

Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...

CVSS 7.5 | AI score 7.7 | EPSS 0.03189
Exploits: 1 | References: 3

NVD
added 2017/09/14 1:29 p.m. | 18 views

CVE-2017-1002020

Vulnerability in wordpress plugin surveys v1.01.8, The code in surveyform.php does not sanitize the action variable before placing it inside of an SQL query...

CVSS 9.8 | AI score 9.6 | EPSS 0.03628
Exploits: 1 | References: 3

NVD
added 2017/09/14 1:29 p.m. | 18 views

CVE-2017-1002021

Vulnerability in wordpress plugin surveys v1.01.8, The code in individualresponses.php does not sanitize the surveyid variable before placing it inside of an SQL query...

CVSS 9.8 | AI score 9.6 | EPSS 0.03628
Exploits: 1 | References: 3

Prion
added 2017/09/14 1:29 p.m. | 22 views

Design/Logic Flaw

Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...

CVSS 5 | AI score 7.7 | EPSS 0.03189
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2017/09/14 1:29 p.m. | 2 views

CVE-2017-1002020

Vulnerability in wordpress plugin surveys v1.01.8, The code in surveyform.php does not sanitize the action variable before placing it inside of an SQL query...

CVSS 9.8 | AI score 5.9 | EPSS 0.03628
Exploits: 1 | References: 3

Prion
added 2017/09/14 1:29 p.m. | 16 views

Security feature bypass

Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rkuserlist.php...

CVSS 7.5 | AI score 9.5 | EPSS 0.02579
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2017/09/14 1:29 p.m. | 11 views

Design/Logic Flaw

Vulnerability in wordpress plugin surveys v1.01.8, The code in surveyform.php does not sanitize the action variable before placing it inside of an SQL query...

CVSS 7.5 | AI score 9.6 | EPSS 0.03628
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2017/09/14 1:29 p.m. | 23 views

CVE-2017-1002004

Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query...

CVSS 7.5 | AI score 7.7 | EPSS 0.03409
Exploits: 1 | References: 3

Cvelist
added 2017/09/14 1:0 p.m. | 14 views

CVE-2017-1002028

Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query...

AI score 9.9 | EPSS 0.02024
Exploits: 1 | References: 3

Cvelist
added 2017/09/14 1:0 p.m. | 16 views

CVE-2017-1002022

Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query...

AI score 9.7 | EPSS 0.03628
Exploits: 1 | References: 3

Cvelist
added 2017/09/14 1:0 p.m. | 28 views

CVE-2017-1002005

Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...

AI score 7.7 | EPSS 0.03189
Exploits: 1 | References: 3

Hacker One
added 2017/09/13 8:43 a.m. | 39 views

Tor: Sql query disclosure,

Hi, path:- https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=mergeready&status=needsinformation&status=needsreview&status=needsrevision&status=new&status=reopened&component=- Select a...

Exploits: 0

Exploit DB
added 2017/09/12 12:0 a.m. | 55 views

osTicket 1.10 - SQL Injection (PoC)

ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...

AI score 7
Exploits: 0

Packet Storm
added 2017/09/01 12:0 a.m. | 20 views

FineCMS 1.0 Cross Site Scripting / SQL Injection

Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: sohaip-hackerDZ Author Web:...

AI score 0.2
Exploits: 0

Atlassian
added 2017/08/23 6:50 a.m. | 138 views

Activity Stream Gadget causing high memory/CPU consumption

+Problem Definition+ Activity Stream Gadget causing high memory/CPU consumption when there is 1 million+ of records in the AO563AEEACTIVITYENTITY table. In this particular case, found that majority of these records are from 3rd party plugins Insight. However, do note that this can happen to any...

AI score 0.1
Exploits: 0 | Affected Software: 1

Patchstack
added 2017/08/16 12:0 a.m. | 9 views

WordPress Gallery Transformation plugin 1.0 - Blind SQL Injection vulnerability

Blind SQL Injection vulnerability found by Larry W. Cashdollar in WordPress Gallery Transformation plugin 1.0 version. SQL injection vulnerability lies in ./wordpress-gallery-transformation/gallery.php file, $jpic parameter passed into an SQL query unsanitized. Solution The plugin already removed...

AI score 2.9
Exploits: 0 | References: 1 | Affected Software: 1

exploitpack
added 2017/08/10 12:0 a.m. | 76 views

Red-Gate SQL Monitor 3.10 4.2 - Authentication Bypass

Red-Gate SQL Monitor 3.10 4.2 - Authentication Bypass Exploit Title: Red-Gate SQL Monitor authentication bypass Version: Redgate SQL Monitor before 3.10 and 4.x before 4.2 Date: 2017-08-10 Red-Gate made a security announcement and publicly released the fixed version more than two years before thi...

CVSS 10 | AI score 0.6 | EPSS 0.14186
Exploits: 4

Joomla! Vulnerable Extensions List
added 2017/08/04 12:0 a.m. | 30 views

[20170901] - Core - Information Disclosure

A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state...

CVSS 4.3 | AI score 7.1 | EPSS 0.01758
Exploits: 0 | Affected Software: 1

Apple
added 2017/06/07 8:52 a.m. | 54 views

About the security content of watchOS 3.2.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVSS 9.8 | AI score 0.8 | EPSS 0.11484
Exploits: 17 | Affected Software: 1