4786 matches found
CVE-2019-3784
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
SQLiteManager SQL Injection Vulnerability
SQLiteManager is a set of web-based SQLite database management tools that support multiple languages. A SQL injection vulnerability exists in SQLiteManager versions 1.2.0 and 1.2.4. A remote attacker can exploit this vulnerability to execute SQL commands...
Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images
Imago is a python tool that extract digital evidences from images recursively. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidences and you have a lot of images, through this tool you will be able to compare them easily. Imago allows to extract...
Critical Photon OS Security Update - PHSA-2019-3.0-0002
Updates of 'curl', 'linux-aws', 'linux-secure', 'nginx', 'libtiff', 'linux-esx', 'libgd', 'elasticsearch', 'kibana', 'sqlite', 'openjdk8', 'linux' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2019-0002
Updates of 'kibana', 'curl', 'sqlite', 'libgd', 'nginx', 'linux-esx', 'openjdk8', 'libtiff', 'linux', 'elasticsearch', 'linux-secure', 'linux-aws' packages of Photon OS have been released...
BeEF - The Browser Exploitation Framework Project
What is BeEF? BeEF is short for The BrowserExploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual securi...
Critical Photon OS Security Update - PHSA-2019-0132
Updates of 'elasticsearch', 'python3', 'kibana', 'nginx', 'sqlite' packages of Photon OS have been released...
Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)
-- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link: https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudiox64lin-deb?format=raw Version:...
Valentina Studio 9.0.5 Linux - Host Buffer Overflow (PoC)
Valentina Studio 9.0.5 Linux - Host Buffer Overflow PoC -- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link:...
Critical Photon OS Security Update - PHSA-2019-0209
Updates of 'curl', 'sqlite-autoconf', 'elasticsearch', 'glibc', 'binutils', 'kibana' packages of Photon OS have been released...
SQL Injection in sequelize
Affected versions of sequelize use MySQL's backslash-based escape syntax when connecting to SQLite, despite the fact that SQLite uses PostgreSQL's escape syntax, which can result in a SQL Injection vulnerability. Recommendation Update to version 1.7.0-alpha3 or later...
GHSA-X2JC-PWFJ-H9P3 SQL Injection in sequelize
Affected versions of sequelize use MySQL's backslash-based escape syntax when connecting to SQLite, despite the fact that SQLite uses PostgreSQL's escape syntax, which can result in a SQL Injection vulnerability. Recommendation Update to version 1.7.0-alpha3 or later...
GHSA-9C2P-JW8P-F84V SQL Injection in sequelize
Affected versions of sequelize cast arrays to strings and fail to properly escape the resulting SQL statement, resulting in a SQL injection vulnerability. Proof of Concept In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped...
SQL Injection in sequelize
Affected versions of sequelize cast arrays to strings and fail to properly escape the resulting SQL statement, resulting in a SQL injection vulnerability. Proof of Concept In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped...
TaoCMS code injection vulnerability
TaoCMS is a php sqlite/mysql based ultra-small CMS management system. TaoCMS is vulnerable to code injection, which can be exploited by placing PHP code in the install.php dbname parameter and then issuing a config.php request to perform eval injection...
KLA11409 Multiple vulnerabilities in Apple iCloud
Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. Multiple memory corruption vulnerabilities in SQLite can be exploited remotely to...
CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols
This software project is a result of a Bachelor's thesis created atSCHUTZWERK in collaboration with Aalen University by Philipp Schmied. Please refer to the correspondingblog post for more information. Why another CAN tool? Built from scratch with new ideas for analysis mechanisms Bundles feature...
Photon OS 1.0: Sqlite PHSA-2017-0025
An update of the sqlite package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0025. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121717;...
Photon OS 1.0: Sqlite PHSA-2018-1.0-0126
An update of the sqlite package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid12182...
Goscan - Interactive Network Scanner
GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...