Threat Outbreak Alert RuleID31903: Email Messages Distributing Malicious Software on February 5, 2018

Medium Alert ID: 56663 First Published: 2018 February 5 16:24 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31903 may contain the following files: Name |...

Code injection

IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service daemon crash via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database...

PySAML2: Security bypass

Background PySAML2 is a pure python implementation of SAML2 Description It was found that the PySAML2 relies on an assert statement to check the user’s password. A python optimizations might remove this assertion. Impact A remote attacker could bypass security restrictions and access any...

织梦前台任意用户密码修改

常见的弱类型问题 类型转换问题 类型转换是无法避免的问题。例如需要将GET或者是POST的参数转换为int类型，或者是两个变量不匹配的时候，PHP会自动地进行变量转换。但是PHP是一个弱类型的语言，导致在进行类型转换的时候会存在很多意想不到的问题。 数学运算 当php进行一些数学计算的时候 因为 md5's878926199a'=0e545993274517709034328855841020就是0的n次方，所以还是等于0 但是要注意： "0e123456abc"=="0e1dddada"//false 这种返回的是为假 语句条件的松散判断 函数的松散判断...

Design/Logic Flaw

The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOADFILE in an INSERT statement...

CVE-2014-8336

The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOADFILE in an INSERT statement...

CVE-2014-8336

The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOADFILE in an INSERT statement...

CVE-2014-8336

The WP-DBManager WordPress plugin (pre-2.7.2) contains a vulnerability in the Sql Run Query panel that allows remote read of arbitrary files by exploiting insufficient query restriction, demonstrated via LOAD_FILE in an INSERT statement. Affected product: WP-DBManager plugin for WordPress. Impact...

Razer US: SQL Injection on careers.razerzone.com within the Admin interface without any access credentials

The researcher discovered a SQL Injection vulnerability on our careers.razerzone.com host, which is used to list job openings for Razer worldwide and receive application submissions from potential hires. This vulnerability could have allowed the exfiltration of admin credentials as well as person...

User ‘Gross Negligence’ Leaves Hundreds of Lexmark Printers Open to Attack

UPDATE Researchers at NewSky Security have found hundreds of Lexmark printers misconfigured, open to the public internet and easily accessible to anyone interested in taking control of targeted devices. Researchers identified 1,123 Lexmark printers traced back to businesses, universities and in...

Threat Outbreak Alert RuleID31472: Email Messages Distributing Malicious Software on November 28, 2017

Medium Alert ID: 56067 First Published: 2017 November 28 18:47 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31472 may contain the following files: Name |...

Ox gem crashes due to a crafted input

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parseobj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication...

CVE-2017-16869

pmach.cpp in UPX 3.94 allows remote attackers to cause a denial of service invalid memory access and application crash or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication...

CVE-2017-16869

pmach.cpp in UPX 3.94 allows remote attackers to cause a denial of service invalid memory access and application crash or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication...

Threat Outbreak Alert RuleID31239: Email Messages Distributing Malicious Software on November 8, 2017

Medium Alert ID: 55809 First Published: 2017 November 8 15:00 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31239 may contain the following files: Name |...

CVE-2017-15928

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parseobj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication...

CVE-2017-15928

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parseobj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication...

SQL Injection

Dolibarr is vulnerable to multiple SQL injection attacks. The searchcountry, searchtypethirdparty, viewstatut, viewstatut, searchsale, and searchuser user-supplied values are not escaped before being placed into an SQL statement...

Microsoft Edge Chakra Parser::ParseCatch Failed eval Handle

Microsoft Edge: Chakra: Parser::ParseCatch doesn't handle "eval" CVE-2017-11764 In Javascript, the code executed by a direct call to eval shares the caller block's scopes. Chakra handles this from the parser. And there's a bug when it parses "eval" in a catch statement's param. ParseNodePtr...

CVE-2017-1002026

Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function editeventcategory does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement...